Python cryptography.hazmat.primitives.serialization.Encoding() Examples

The following are 20 code examples of cryptography.hazmat.primitives.serialization.Encoding(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module cryptography.hazmat.primitives.serialization , or try the search function .
Example #1
Source File: backend.py    From Carnets with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #2
Source File: backend.py    From teleport with Apache License 2.0 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #3
Source File: backend.py    From quickstart-redhat-openshift with Apache License 2.0 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #4
Source File: backend.py    From teleport with Apache License 2.0 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #5
Source File: backend.py    From teleport with Apache License 2.0 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #6
Source File: backend.py    From oss-ftp with MIT License 5 votes vote down vote up
def _public_key_bytes(self, encoding, format, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        if format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert evp_pkey.type == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #7
Source File: backend.py    From learn_python3_spider with MIT License 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #8
Source File: backend.py    From quickstart-git2s3 with Apache License 2.0 5 votes vote down vote up
def _parameter_bytes(self, encoding, format, cdata):
        if encoding is serialization.Encoding.OpenSSH:
            raise TypeError(
                "OpenSSH encoding is not supported"
            )

        # Only DH is supported here currently.
        q = self._ffi.new("BIGNUM **")
        self._lib.DH_get0_pqg(cdata,
                              self._ffi.NULL,
                              q,
                              self._ffi.NULL)
        if encoding is serialization.Encoding.PEM:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.PEM_write_bio_DHxparams
            else:
                write_bio = self._lib.PEM_write_bio_DHparams
        elif encoding is serialization.Encoding.DER:
            if q[0] != self._ffi.NULL:
                write_bio = self._lib.Cryptography_i2d_DHxparams_bio
            else:
                write_bio = self._lib.i2d_DHparams_bio
        else:
            raise TypeError("encoding must be an item from the Encoding enum")

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, cdata)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #9
Source File: backend.py    From learn_python3_spider with MIT License 4 votes vote down vote up
def _openssh_public_key_bytes(self, key):
        if isinstance(key, rsa.RSAPublicKey):
            public_numbers = key.public_numbers()
            return b"ssh-rsa " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-rsa") +
                ssh._ssh_write_mpint(public_numbers.e) +
                ssh._ssh_write_mpint(public_numbers.n)
            )
        elif isinstance(key, dsa.DSAPublicKey):
            public_numbers = key.public_numbers()
            parameter_numbers = public_numbers.parameter_numbers
            return b"ssh-dss " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-dss") +
                ssh._ssh_write_mpint(parameter_numbers.p) +
                ssh._ssh_write_mpint(parameter_numbers.q) +
                ssh._ssh_write_mpint(parameter_numbers.g) +
                ssh._ssh_write_mpint(public_numbers.y)
            )
        elif isinstance(key, ed25519.Ed25519PublicKey):
            raw_bytes = key.public_bytes(serialization.Encoding.Raw,
                                         serialization.PublicFormat.Raw)
            return b"ssh-ed25519 " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-ed25519") +
                ssh._ssh_write_string(raw_bytes)
            )
        elif isinstance(key, ec.EllipticCurvePublicKey):
            public_numbers = key.public_numbers()
            try:
                curve_name = {
                    ec.SECP256R1: b"nistp256",
                    ec.SECP384R1: b"nistp384",
                    ec.SECP521R1: b"nistp521",
                }[type(public_numbers.curve)]
            except KeyError:
                raise ValueError(
                    "Only SECP256R1, SECP384R1, and SECP521R1 curves are "
                    "supported by the SSH public key format"
                )

            point = key.public_bytes(
                serialization.Encoding.X962,
                serialization.PublicFormat.UncompressedPoint
            )
            return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
                ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
                ssh._ssh_write_string(curve_name) +
                ssh._ssh_write_string(point)
            )
        else:
            raise ValueError(
                "OpenSSH encoding is not supported for this key type"
            ) 
Example #10
Source File: backend.py    From Carnets with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
def _openssh_public_key_bytes(self, key):
        if isinstance(key, rsa.RSAPublicKey):
            public_numbers = key.public_numbers()
            return b"ssh-rsa " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-rsa") +
                ssh._ssh_write_mpint(public_numbers.e) +
                ssh._ssh_write_mpint(public_numbers.n)
            )
        elif isinstance(key, dsa.DSAPublicKey):
            public_numbers = key.public_numbers()
            parameter_numbers = public_numbers.parameter_numbers
            return b"ssh-dss " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-dss") +
                ssh._ssh_write_mpint(parameter_numbers.p) +
                ssh._ssh_write_mpint(parameter_numbers.q) +
                ssh._ssh_write_mpint(parameter_numbers.g) +
                ssh._ssh_write_mpint(public_numbers.y)
            )
        elif isinstance(key, ed25519.Ed25519PublicKey):
            raw_bytes = key.public_bytes(serialization.Encoding.Raw,
                                         serialization.PublicFormat.Raw)
            return b"ssh-ed25519 " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-ed25519") +
                ssh._ssh_write_string(raw_bytes)
            )
        elif isinstance(key, ec.EllipticCurvePublicKey):
            public_numbers = key.public_numbers()
            try:
                curve_name = {
                    ec.SECP256R1: b"nistp256",
                    ec.SECP384R1: b"nistp384",
                    ec.SECP521R1: b"nistp521",
                }[type(public_numbers.curve)]
            except KeyError:
                raise ValueError(
                    "Only SECP256R1, SECP384R1, and SECP521R1 curves are "
                    "supported by the SSH public key format"
                )

            point = key.public_bytes(
                serialization.Encoding.X962,
                serialization.PublicFormat.UncompressedPoint
            )
            return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
                ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
                ssh._ssh_write_string(curve_name) +
                ssh._ssh_write_string(point)
            )
        else:
            raise ValueError(
                "OpenSSH encoding is not supported for this key type"
            ) 
Example #11
Source File: backend.py    From Carnets with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        # Compressed/UncompressedPoint are only valid for EC keys and those
        # cases are handled by the ECPublicKey public_bytes method before this
        # method is called
        if format in (serialization.PublicFormat.UncompressedPoint,
                      serialization.PublicFormat.CompressedPoint):
            raise ValueError("Point formats are not valid for this key type")

        # Raw format and encoding are only valid for X25519, Ed25519, X448, and
        # Ed448 keys. We capture those cases before this method is called so if
        # we see those enum values here it means the caller has passed them to
        # a key that doesn't support raw type
        if format is serialization.PublicFormat.Raw:
            raise ValueError("raw format is invalid with this key or encoding")

        if encoding is serialization.Encoding.Raw:
            raise ValueError("raw encoding is invalid with this key or format")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #12
Source File: backend.py    From quickstart-redhat-openshift with Apache License 2.0 4 votes vote down vote up
def _openssh_public_key_bytes(self, key):
        if isinstance(key, rsa.RSAPublicKey):
            public_numbers = key.public_numbers()
            return b"ssh-rsa " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-rsa") +
                ssh._ssh_write_mpint(public_numbers.e) +
                ssh._ssh_write_mpint(public_numbers.n)
            )
        elif isinstance(key, dsa.DSAPublicKey):
            public_numbers = key.public_numbers()
            parameter_numbers = public_numbers.parameter_numbers
            return b"ssh-dss " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-dss") +
                ssh._ssh_write_mpint(parameter_numbers.p) +
                ssh._ssh_write_mpint(parameter_numbers.q) +
                ssh._ssh_write_mpint(parameter_numbers.g) +
                ssh._ssh_write_mpint(public_numbers.y)
            )
        else:
            assert isinstance(key, ec.EllipticCurvePublicKey)
            public_numbers = key.public_numbers()
            try:
                curve_name = {
                    ec.SECP256R1: b"nistp256",
                    ec.SECP384R1: b"nistp384",
                    ec.SECP521R1: b"nistp521",
                }[type(public_numbers.curve)]
            except KeyError:
                raise ValueError(
                    "Only SECP256R1, SECP384R1, and SECP521R1 curves are "
                    "supported by the SSH public key format"
                )

            point = key.public_bytes(
                serialization.Encoding.X962,
                serialization.PublicFormat.UncompressedPoint
            )
            return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
                ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
                ssh._ssh_write_string(curve_name) +
                ssh._ssh_write_string(point)
            ) 
Example #13
Source File: backend.py    From quickstart-redhat-openshift with Apache License 2.0 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        # Compressed/UncompressedPoint are only valid for EC keys and those
        # cases are handled by the ECPublicKey public_bytes method before this
        # method is called
        if format in (serialization.PublicFormat.UncompressedPoint,
                      serialization.PublicFormat.CompressedPoint):
            raise ValueError("Point formats are not valid for this key type")

        # Raw format and encoding are only valid for X25519, Ed25519, X448, and
        # Ed448 keys. We capture those cases before this method is called so if
        # we see those enum values here it means the caller has passed them to
        # a key that doesn't support raw type
        if format is serialization.PublicFormat.Raw:
            raise ValueError("raw format is invalid with this key or encoding")

        if encoding is serialization.Encoding.Raw:
            raise ValueError("raw encoding is invalid with this key or format")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #14
Source File: backend.py    From quickstart-git2s3 with Apache License 2.0 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #15
Source File: backend.py    From learn_python3_spider with MIT License 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        # Compressed/UncompressedPoint are only valid for EC keys and those
        # cases are handled by the ECPublicKey public_bytes method before this
        # method is called
        if format in (serialization.PublicFormat.UncompressedPoint,
                      serialization.PublicFormat.CompressedPoint):
            raise ValueError("Point formats are not valid for this key type")

        # Raw format and encoding are only valid for X25519, Ed25519, X448, and
        # Ed448 keys. We capture those cases before this method is called so if
        # we see those enum values here it means the caller has passed them to
        # a key that doesn't support raw type
        if format is serialization.PublicFormat.Raw:
            raise ValueError("raw format is invalid with this key or encoding")

        if encoding is serialization.Encoding.Raw:
            raise ValueError("raw encoding is invalid with this key or format")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #16
Source File: backend.py    From teleport with Apache License 2.0 4 votes vote down vote up
def _openssh_public_key_bytes(self, key):
        if isinstance(key, rsa.RSAPublicKey):
            public_numbers = key.public_numbers()
            return b"ssh-rsa " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-rsa") +
                ssh._ssh_write_mpint(public_numbers.e) +
                ssh._ssh_write_mpint(public_numbers.n)
            )
        elif isinstance(key, dsa.DSAPublicKey):
            public_numbers = key.public_numbers()
            parameter_numbers = public_numbers.parameter_numbers
            return b"ssh-dss " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-dss") +
                ssh._ssh_write_mpint(parameter_numbers.p) +
                ssh._ssh_write_mpint(parameter_numbers.q) +
                ssh._ssh_write_mpint(parameter_numbers.g) +
                ssh._ssh_write_mpint(public_numbers.y)
            )
        elif isinstance(key, ed25519.Ed25519PublicKey):
            raw_bytes = key.public_bytes(serialization.Encoding.Raw,
                                         serialization.PublicFormat.Raw)
            return b"ssh-ed25519 " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-ed25519") +
                ssh._ssh_write_string(raw_bytes)
            )
        elif isinstance(key, ec.EllipticCurvePublicKey):
            public_numbers = key.public_numbers()
            try:
                curve_name = {
                    ec.SECP256R1: b"nistp256",
                    ec.SECP384R1: b"nistp384",
                    ec.SECP521R1: b"nistp521",
                }[type(public_numbers.curve)]
            except KeyError:
                raise ValueError(
                    "Only SECP256R1, SECP384R1, and SECP521R1 curves are "
                    "supported by the SSH public key format"
                )

            point = key.public_bytes(
                serialization.Encoding.X962,
                serialization.PublicFormat.UncompressedPoint
            )
            return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
                ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
                ssh._ssh_write_string(curve_name) +
                ssh._ssh_write_string(point)
            )
        else:
            raise ValueError(
                "OpenSSH encoding is not supported for this key type"
            ) 
Example #17
Source File: backend.py    From teleport with Apache License 2.0 4 votes vote down vote up
def _openssh_public_key_bytes(self, key):
        if isinstance(key, rsa.RSAPublicKey):
            public_numbers = key.public_numbers()
            return b"ssh-rsa " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-rsa") +
                ssh._ssh_write_mpint(public_numbers.e) +
                ssh._ssh_write_mpint(public_numbers.n)
            )
        elif isinstance(key, dsa.DSAPublicKey):
            public_numbers = key.public_numbers()
            parameter_numbers = public_numbers.parameter_numbers
            return b"ssh-dss " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-dss") +
                ssh._ssh_write_mpint(parameter_numbers.p) +
                ssh._ssh_write_mpint(parameter_numbers.q) +
                ssh._ssh_write_mpint(parameter_numbers.g) +
                ssh._ssh_write_mpint(public_numbers.y)
            )
        elif isinstance(key, ed25519.Ed25519PublicKey):
            raw_bytes = key.public_bytes(serialization.Encoding.Raw,
                                         serialization.PublicFormat.Raw)
            return b"ssh-ed25519 " + base64.b64encode(
                ssh._ssh_write_string(b"ssh-ed25519") +
                ssh._ssh_write_string(raw_bytes)
            )
        elif isinstance(key, ec.EllipticCurvePublicKey):
            public_numbers = key.public_numbers()
            try:
                curve_name = {
                    ec.SECP256R1: b"nistp256",
                    ec.SECP384R1: b"nistp384",
                    ec.SECP521R1: b"nistp521",
                }[type(public_numbers.curve)]
            except KeyError:
                raise ValueError(
                    "Only SECP256R1, SECP384R1, and SECP521R1 curves are "
                    "supported by the SSH public key format"
                )

            point = key.public_bytes(
                serialization.Encoding.X962,
                serialization.PublicFormat.UncompressedPoint
            )
            return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
                ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
                ssh._ssh_write_string(curve_name) +
                ssh._ssh_write_string(point)
            )
        else:
            raise ValueError(
                "OpenSSH encoding is not supported for this key type"
            ) 
Example #18
Source File: backend.py    From teleport with Apache License 2.0 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        # Compressed/UncompressedPoint are only valid for EC keys and those
        # cases are handled by the ECPublicKey public_bytes method before this
        # method is called
        if format in (serialization.PublicFormat.UncompressedPoint,
                      serialization.PublicFormat.CompressedPoint):
            raise ValueError("Point formats are not valid for this key type")

        # Raw format and encoding are only valid for X25519, Ed25519, X448, and
        # Ed448 keys. We capture those cases before this method is called so if
        # we see those enum values here it means the caller has passed them to
        # a key that doesn't support raw type
        if format is serialization.PublicFormat.Raw:
            raise ValueError("raw format is invalid with this key or encoding")

        if encoding is serialization.Encoding.Raw:
            raise ValueError("raw encoding is invalid with this key or format")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #19
Source File: backend.py    From teleport with Apache License 2.0 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio) 
Example #20
Source File: backend.py    From Safejumper-for-Desktop with GNU General Public License v2.0 4 votes vote down vote up
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
        if not isinstance(encoding, serialization.Encoding):
            raise TypeError("encoding must be an item from the Encoding enum")

        if (
            format is serialization.PublicFormat.OpenSSH or
            encoding is serialization.Encoding.OpenSSH
        ):
            if (
                format is not serialization.PublicFormat.OpenSSH or
                encoding is not serialization.Encoding.OpenSSH
            ):
                raise ValueError(
                    "OpenSSH format must be used with OpenSSH encoding"
                )
            return self._openssh_public_key_bytes(key)
        elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_PUBKEY
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_PUBKEY_bio

            key = evp_pkey
        elif format is serialization.PublicFormat.PKCS1:
            # Only RSA is supported here.
            assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
            if encoding is serialization.Encoding.PEM:
                write_bio = self._lib.PEM_write_bio_RSAPublicKey
            else:
                assert encoding is serialization.Encoding.DER
                write_bio = self._lib.i2d_RSAPublicKey_bio

            key = cdata
        else:
            raise TypeError(
                "format must be an item from the PublicFormat enum"
            )

        bio = self._create_mem_bio_gc()
        res = write_bio(bio, key)
        self.openssl_assert(res == 1)
        return self._read_mem_bio(bio)