Stowage/pycryptodome
2
0
Fork 0
mirror of https://github.com/Legrandin/pycryptodome.git synced 2025-12-08 05:19:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Export ECC private keys

Browse source
This commit is contained in:
Legrandin 2016-01-27 08:44:43 +01:00
parent c7b491de3f
commit c67b7a1752
25 changed files with 379 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/Crypto/IO/PEM.py
View file

@ -157,7 +157,7 @@ def decode(pem_data, passphrase=None):
key = PBKDF1(passphrase, salt[:8], 16, 1, MD5) key = PBKDF1(passphrase, salt[:8], 16, 1, MD5)
objdec = AES.new(key, AES.MODE_CBC, salt) objdec = AES.new(key, AES.MODE_CBC, salt)
else: else:
raise ValueError("Unsupport PEM encryption algorithm.") raise ValueError("Unsupport PEM encryption algorithm (%s)." % algo)
lines = lines[2:] lines = lines[2:]
else: else:
objdec = None objdec = None

4
lib/Crypto/Protocol/KDF.py
View file

@ -86,8 +86,8 @@ def PBKDF1(password, salt, dkLen, count=1000, hashAlgo=None):
digest = pHash.digest_size digest = pHash.digest_size
if dkLen>digest: if dkLen>digest:
raise TypeError("Selected hash algorithm has a too short digest (%d bytes)." % digest) raise TypeError("Selected hash algorithm has a too short digest (%d bytes)." % digest)
if len(salt)!=8: if len(salt) != 8:
raise ValueError("Salt is not 8 bytes long.") raise ValueError("Salt is not 8 bytes long (%d bytes instead)." % len(salt))
for i in xrange(count-1): for i in xrange(count-1):
pHash = pHash.new(pHash.digest()) pHash = pHash.new(pHash.digest())
return pHash.digest()[:dkLen] return pHash.digest()[:dkLen]

145
lib/Crypto/PublicKey/ECC.py
View file

@ -31,7 +31,7 @@
import struct import struct
import binascii import binascii
from Crypto.Util.py3compat import bord, tobytes, b, tostr from Crypto.Util.py3compat import bord, tobytes, b, tostr, bchr
from Crypto.Math.Numbers import Integer from Crypto.Math.Numbers import Integer
from Crypto.Random import get_random_bytes from Crypto.Random import get_random_bytes
@ -40,6 +40,7 @@ from Crypto.Util.asn1 import (DerObjectId, DerOctetString, DerSequence,
from Crypto.IO import PKCS8, PEM from Crypto.IO import PKCS8, PEM
from Crypto.PublicKey import (_expand_subject_public_key_info, from Crypto.PublicKey import (_expand_subject_public_key_info,
_create_subject_public_key_info,
_extract_subject_public_key_info) _extract_subject_public_key_info)
@ -321,6 +322,148 @@ class EccKey(object):
def public_key(self): def public_key(self):
return EccKey(curve="P-256", point=self.pointQ) return EccKey(curve="P-256", point=self.pointQ)
def _export_subjectPublicKeyInfo(self):
# Uncompressed form
order_bytes = _curve.order.size_in_bytes()
public_key = (bchr(4) +
self.pointQ.x.to_bytes(order_bytes) +
self.pointQ.y.to_bytes(order_bytes))
unrestricted_oid = "1.2.840.10045.2.1"
return _create_subject_public_key_info(unrestricted_oid,
public_key,
DerObjectId(_curve.oid))
def _export_private_der(self, include_ec_params=True):
assert self.has_private()
# ECPrivateKey ::= SEQUENCE {
# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
# privateKey OCTET STRING,
# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
# publicKey [1] BIT STRING OPTIONAL
# }
# Public key - uncompressed form
order_bytes = _curve.order.size_in_bytes()
public_key = (bchr(4) +
self.pointQ.x.to_bytes(order_bytes) +
self.pointQ.y.to_bytes(order_bytes))
seq = [1,
DerOctetString(self.d.to_bytes(order_bytes)),
DerObjectId(_curve.oid, explicit=0),
DerBitString(public_key, explicit=1)]
if not include_ec_params:
del seq[2]
return DerSequence(seq).encode()
def _export_pkcs8(self, **kwargs):
if kwargs.get('passphrase', None) is not None and 'protection' not in kwargs:
raise ValueError("At least the 'protection' parameter should be present")
unrestricted_oid = "1.2.840.10045.2.1"
private_key = self._export_private_der(include_ec_params=False)
result = PKCS8.wrap(private_key,
unrestricted_oid,
key_params=DerObjectId(_curve.oid),
**kwargs)
return result
def _export_public_pem(self):
encoded_der = self._export_subjectPublicKeyInfo()
return PEM.encode(encoded_der, "PUBLIC KEY")
def _export_private_pem(self, passphrase):
encoded_der = self._export_private_der()
return PEM.encode(encoded_der, "EC PRIVATE KEY", passphrase)
def _export_private_clear_pkcs8_in_clear_pem(self):
encoded_der = self._export_pkcs8()
return PEM.encode(encoded_der, "PRIVATE KEY")
def _export_private_encrypted_pkcs8_in_clear_pem(self, passphrase, **kwargs):
assert passphrase
if 'protection' not in kwargs:
raise ValueError("At least the 'protection' parameter should be present")
encoded_der = self._export_pkcs8(passphrase=passphrase, **kwargs)
return PEM.encode(encoded_der, "ENCRYPTED PRIVATE KEY")
def export_key(self, **kwargs):
"""Export this ECC key.
:Keywords:
format : string
The format to use for wrapping the key:
- *'DER'*. The key will be encoded in an ASN.1 `DER`_ stucture (binary).
- *'PEM'*. The key will be encoded in a `PEM`_ envelope (ASCII).
passphrase : byte string or string
The passphrase to use for protecting the private key.
*If not provided, the private key will remain in clear form!*
use_pkcs8 : boolean
In case of a private key, whether the `PKCS#8`_ representation
should be (internally) used. By default it will.
Not using PKCS#8 when exporting a private key in
password-protected PEM form means that the much weaker and
unflexible `PEM encryption`_ mechanism will be used.
Using PKCS#8 is therefore always recommended.
protection : string
In case of a private key being exported with password-protection
and PKCS#8 (both ``DER`` and ``PEM``), this parameter MUST be
present and be a valid algorithm supported by `Crypto.IO.PKCS8`.
It is recommended to use ``PBKDF2WithHMAC-SHA1AndAES128-CBC``.
In case of a private key being exported with password-protection
and PKCS#8 (both ``DER`` and ``PEM``), all additional parameters
will be passed to `Crypto.IO.PKCS8`.
.. _DER: http://www.ietf.org/rfc/rfc5915.txt
.. _PEM: http://www.ietf.org/rfc/rfc1421.txt
.. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt
.. _PKCS#8: http://www.ietf.org/rfc/rfc5208.txt
:Return: A string (for PEM) or a byte string (for DER) with the encoded key.
"""
args = kwargs.copy()
ext_format = args.pop("format")
if ext_format not in ("PEM", "DER"):
raise ValueError("Unknown format '%s'" % ext_format)
if self.has_private():
passphrase = args.pop("passphrase", None)
if isinstance(passphrase, basestring):
passphrase = tobytes(passphrase)
use_pkcs8 = args.pop("use_pkcs8", True)
if ext_format == "PEM":
if use_pkcs8:
if passphrase:
return self._export_private_encrypted_pkcs8_in_clear_pem(passphrase, **args)
else:
return self._export_private_clear_pkcs8_in_clear_pem()
else:
return self._export_private_pem(passphrase)
else:
# DER
if passphrase and not use_pkcs8:
raise ValueError("Private keys can only be encrpyted with DER using PKCS#8")
if use_pkcs8:
return self._export_pkcs8(passphrase=passphrase, **args)
else:
return self._export_private_der()
else: # Public key
if ext_format == "PEM":
return self._export_public_pem()
else:
return self._export_subjectPublicKeyInfo()
def generate(**kwargs): def generate(**kwargs):
"""Generate a new private key on the given curve. """Generate a new private key on the given curve.

3
lib/Crypto/SelfTest/PublicKey/__init__.py
View file

@ -40,6 +40,9 @@ def get_tests(config={}):
from Crypto.SelfTest.PublicKey import test_import_RSA from Crypto.SelfTest.PublicKey import test_import_RSA
tests += test_import_RSA.get_tests(config=config) tests += test_import_RSA.get_tests(config=config)
from Crypto.SelfTest.PublicKey import test_import_ECC
tests += test_import_ECC.get_tests(config=config)
from Crypto.SelfTest.PublicKey import test_ElGamal; tests += test_ElGamal.get_tests(config=config) from Crypto.SelfTest.PublicKey import test_ElGamal; tests += test_ElGamal.get_tests(config=config)
return tests return tests

159
lib/Crypto/SelfTest/PublicKey/test_import_ECC.py
View file

@ -36,15 +36,14 @@ from Crypto.Util.number import bytes_to_long
from Crypto.PublicKey import ECC from Crypto.PublicKey import ECC
def load_file(filename, mode="rb"):
def load_file(filename):
fd = open(pycryptodome_filename([ fd = open(pycryptodome_filename([
"Crypto", "Crypto",
"SelfTest", "SelfTest",
"PublicKey", "PublicKey",
"test_vectors", "test_vectors",
"ECC", "ECC",
], filename), "rb") ], filename), mode)
return fd.read() return fd.read()
@ -104,7 +103,13 @@ class TestImport(unittest.TestCase):
key = ECC.import_key(key_file) key = ECC.import_key(key_file)
self.assertEqual(ref_private, key) self.assertEqual(ref_private, key)
def test_import_private_pkcs8_encrypted(self): def test_import_private_pkcs8_in_pem_clear(self):
key_file = load_file("ecc_p256_private_p8_clear.pem")
key = ECC.import_key(key_file)
self.assertEqual(ref_private, key)
def test_import_private_pkcs8_encrypted_1(self):
key_file = load_file("ecc_p256_private_p8.der") key_file = load_file("ecc_p256_private_p8.der")
key = ECC._import_der(key_file, "secret") key = ECC._import_der(key_file, "secret")
@ -113,6 +118,12 @@ class TestImport(unittest.TestCase):
key = ECC.import_key(key_file, "secret") key = ECC.import_key(key_file, "secret")
self.assertEqual(ref_private, key) self.assertEqual(ref_private, key)
def test_import_private_pkcs8_encrypted_2(self):
key_file = load_file("ecc_p256_private_p8.pem")
key = ECC.import_key(key_file, "secret")
self.assertEqual(ref_private, key)
def test_import_x509_der(self): def test_import_x509_der(self):
key_file = load_file("ecc_p256_x509.der") key_file = load_file("ecc_p256_x509.der")
@ -135,13 +146,14 @@ class TestImport(unittest.TestCase):
self.assertEqual(ref_private, key) self.assertEqual(ref_private, key)
def test_import_private_pem_encrypted(self): def test_import_private_pem_encrypted(self):
key_file = load_file("ecc_p256_private_enc.pem") for algo in "des3", : # TODO: , "aes128", "aes192", "aes256_gcm":
key_file = load_file("ecc_p256_private_enc_%s.pem" % algo)
key = ECC.import_key(key_file, "secret") key = ECC.import_key(key_file, "secret")
self.assertEqual(ref_private, key) self.assertEqual(ref_private, key)
key = ECC.import_key(tostr(key_file), b("secret")) key = ECC.import_key(tostr(key_file), b("secret"))
self.assertEqual(ref_private, key) self.assertEqual(ref_private, key)
def test_import_x509_pem(self): def test_import_x509_pem(self):
key_file = load_file("ecc_p256_x509.pem") key_file = load_file("ecc_p256_x509.pem")
@ -159,9 +171,138 @@ class TestImport(unittest.TestCase):
self.assertEqual(ref_public, key) self.assertEqual(ref_public, key)
class TestExport(unittest.TestCase):
def test_export_public_der(self):
key_file = load_file("ecc_p256_public.der")
encoded = ref_public._export_subjectPublicKeyInfo()
self.assertEqual(key_file, encoded)
# ---
encoded = ref_public.export_key(format="DER")
self.assertEqual(key_file, encoded)
def test_export_private_der(self):
key_file = load_file("ecc_p256_private.der")
encoded = ref_private._export_private_der()
self.assertEqual(key_file, encoded)
# ---
encoded = ref_private.export_key(format="DER", use_pkcs8=False)
self.assertEqual(key_file, encoded)
def test_export_private_pkcs8_clear(self):
key_file = load_file("ecc_p256_private_p8_clear.der")
encoded = ref_private._export_pkcs8()
self.assertEqual(key_file, encoded)
# ---
encoded = ref_private.export_key(format="DER")
self.assertEqual(key_file, encoded)
def test_export_private_pkcs8_encrypted(self):
encoded = ref_private._export_pkcs8(passphrase="secret",
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
# This should prove that the output is password-protected
self.assertRaises(ValueError, ECC._import_pkcs8, encoded, None)
decoded = ECC._import_pkcs8(encoded, "secret")
self.assertEqual(ref_private, decoded)
# ---
encoded = ref_private.export_key(format="DER",
passphrase="secret",
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
decoded = ECC.import_key(encoded, "secret")
self.assertEqual(ref_private, decoded)
def test_export_public_pem(self):
key_file = load_file("ecc_p256_public.pem", "rt").strip()
encoded = ref_private._export_public_pem()
self.assertEqual(key_file, encoded)
# ---
encoded = ref_public.export_key(format="PEM")
self.assertEqual(key_file, encoded)
def test_export_private_pem_clear(self):
key_file = load_file("ecc_p256_private.pem", "rt").strip()
encoded = ref_private._export_private_pem(None)
self.assertEqual(key_file, encoded)
# ---
encoded = ref_private.export_key(format="PEM", use_pkcs8=False)
self.assertEqual(key_file, encoded)
def test_export_private_pem_encrypted(self):
encoded = ref_private._export_private_pem(passphrase=b("secret"))
# This should prove that the output is password-protected
self.assertRaises(ValueError, ECC.import_key, encoded)
assert "EC PRIVATE KEY" in encoded
decoded = ECC.import_key(encoded, "secret")
self.assertEqual(ref_private, decoded)
# ---
encoded = ref_private.export_key(format="PEM",
passphrase="secret",
use_pkcs8=False)
decoded = ECC.import_key(encoded, "secret")
self.assertEqual(ref_private, decoded)
def test_export_private_pkcs8_and_pem_1(self):
# PKCS8 inside PEM with both unencrypted
key_file = load_file("ecc_p256_private_p8_clear.pem", "rt").strip()
encoded = ref_private._export_private_clear_pkcs8_in_clear_pem()
self.assertEqual(key_file, encoded)
# ---
encoded = ref_private.export_key(format="PEM")
self.assertEqual(key_file, encoded)
def test_export_private_pkcs8_and_pem_2(self):
# PKCS8 inside PEM with PKCS8 encryption
encoded = ref_private._export_private_encrypted_pkcs8_in_clear_pem("secret",
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
# This should prove that the output is password-protected
self.assertRaises(ValueError, ECC.import_key, encoded)
assert "ENCRYPTED PRIVATE KEY" in encoded
decoded = ECC.import_key(encoded, "secret")
self.assertEqual(ref_private, decoded)
# ---
encoded = ref_private.export_key(format="PEM",
passphrase="secret",
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
decoded = ECC.import_key(encoded, "secret")
self.assertEqual(ref_private, decoded)
def get_tests(config={}): def get_tests(config={}):
tests = [] tests = []
tests += list_test_cases(TestImport) tests += list_test_cases(TestImport)
tests += list_test_cases(TestExport)
return tests return tests
if __name__ == '__main__': if __name__ == '__main__':

23
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256.txt
View file

@ -1,17 +1,18 @@
Private-Key: (256 bit) Private-Key: (256 bit)
priv: priv:
45:9d:80:12:e6:e6:f8:04:48:d0:4e:cd:ef:aa:a9: 5c:4e:43:20:ef:26:0f:91:ed:9f:c5:97:ae:e9:8c:
0d:9a:0d:60:d1:0f:a7:06:58:60:b6:ac:e3:89:10: 82:36:b6:0e:0c:ed:69:2c:c7:a0:57:d5:e4:57:98:
b0:0e a0:52
pub: pub:
04:52:b6:00:8e:a3:3f:a7:18:cf:d7:ad:d7:7d:b2: 04:a4:0a:d5:9a:20:50:eb:e9:24:79:bd:5f:b1:6b:
74:4b:43:02:b4:83:a3:ce:f2:0e:b3:5b:1c:77:c3: b2:e4:5b:64:65:eb:3c:b2:b1:ef:fe:42:3f:ab:e6:
f5:d0:79:85:c3:c7:6b:80:7f:57:9c:93:f4:17:1a: cb:74:24:db:82:19:ef:0b:ab:80:ac:f2:6f:d7:05:
5d:80:b5:9c:8b:e2:d1:21:c7:2b:c7:2a:15:f3:62: 95:b6:1f:e4:76:0d:33:ee:d8:0d:d0:3d:2f:d0:df:
68:fc:e5:83:1e b2:7b:8c:e7:5c
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEWdgBLm5vgESNBOze+qqQ2aDWDRD6cGWGC2rOOJELAOoAoGCCqGSM49 MHcCAQEEIFxOQyDvJg+R7Z/Fl67pjII2tg4M7Wksx6BX1eRXmKBSoAoGCCqGSM49
AwEHoUQDQgAEUrYAjqM/pxjP163XfbJ0S0MCtIOjzvIOs1scd8P10HmFw8drgH9X AwEHoUQDQgAEpArVmiBQ6+kkeb1fsWuy5FtkZes8srHv/kI/q+bLdCTbghnvC6uA
nJP0FxpdgLWci+LRIccrxyoV82Jo/OWDHg== rPJv1wWVth/kdg0z7tgN0D0v0N+ye4znXA==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

BIN
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private.der
View file

Binary file not shown.

6
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private.pem
View file

@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEWdgBLm5vgESNBOze+qqQ2aDWDRD6cGWGC2rOOJELAOoAoGCCqGSM49 MHcCAQEEIFxOQyDvJg+R7Z/Fl67pjII2tg4M7Wksx6BX1eRXmKBSoAoGCCqGSM49
AwEHoUQDQgAEUrYAjqM/pxjP163XfbJ0S0MCtIOjzvIOs1scd8P10HmFw8drgH9X AwEHoUQDQgAEpArVmiBQ6+kkeb1fsWuy5FtkZes8srHv/kI/q+bLdCTbghnvC6uA
nJP0FxpdgLWci+LRIccrxyoV82Jo/OWDHg== rPJv1wWVth/kdg0z7tgN0D0v0N+ye4znXA==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----

8
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc.pem
View file

@ -1,8 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,EA88103B4EDF248D
tfTA9oFyGvF0T7wGcd/yZLEJJpgm6IW4I5B9u5mJ4Bs8yX8ejn0RHz7oGa4Ny2mV
r8Mnz3zsOMHGloKJVZc5wbQCPwgeOIh+0m8hKTWFy9RvMsfgj+WnA6m/HgHz/Ng5
pj1XvrbS+RCEjTapVmFncnHn8vTUdMJn6UXjSMs6+9U=
-----END EC PRIVATE KEY-----

8
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes128.pem Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,288614CF0887BAE11B8B660C3CA24139
7Jy/LNIYkloV8x1LVRjy59phEtKrli8ySiFDf6nIBtAmt/WLoZijmCMJ7VTXVXNq
lyruBM2t4At/0EFI3CSQKxFvsnHDwHL9WYEDPC+gQ/Xy8j2JU0IAM+BuasjHAgXw
tq0sJUnRh+xNiI2FotEBC8S194M+lp3RkBZwoBlk3w0=
-----END EC PRIVATE KEY-----

8
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes192.pem Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-192-CBC,82AE4C810C9CF67736F256DEDFD6908E
gWOVzIDfiMQuIvOQ2m5BWQRWYL7DMb2Mbz4GO8ovBHMNOkMAdi0GhanI+dpQyjtw
V9zYBjbqtpMGzACusVYFxvkE9VOb1tj+QphG09Nv4/oUNXBdx1RDxrvntaB/Uskj
0zIDV/7D9esLIPTiBtwy62ZAc5Pxk88IG/Z2nGvJZMg=
-----END EC PRIVATE KEY-----

8
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes256_gcm.pem Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: id-aes256-GCM,4071BCFFB5B7CE18CEBFE901
oh6vdMD9bkUvRwtaBkYz6MMWCtjE2GvIKx+diG8XxzakcFzVIqXlDXfEcVIs6Vis
LFofIdBHElQxRUTnCCkb21pmly6v0ZLDugwMWNz6ichaie1gXqi+JwjPe2Ju5aro
UNeOPqFlVkCeEvHxE3eR1vqlDBLar9VwtA==
-----END EC PRIVATE KEY-----

8
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_des3.pem Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,7E383189A0521324
GT+hvDACAQAq8mD20yQFuQo5Gfg3gPJbZSErmgtdMa5xRLzPEWFnP1yOfZFIgVhn
HKLNhgrfbNRh3Ij/DcC6gQ+/35Ts9r+4KLMP6qXuEEfQGTCRu0JQbbMCheN7iNM1
8ji47sMaVPJPLrBbD6bPcUl8Tfv0+Xiikvxia5NjqAE=
-----END EC PRIVATE KEY-----

BIN
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8.der
View file

Binary file not shown.

6
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8.pem Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGwMBsGCSqGSIb3DQEFAzAOBAjtAa3UT6r2WAICCAAEgZA1MjDX/jkmLeNTlbCK
oDJPqo9OzHoZInlg4diuvId3uAPxyYnMuwTJvCSklOPXQLkgpYsYRF3YgNBuGAld
VQvWcbfwX1eQSqOx6FBCWJgXpWLhlI9qViRDYNQfyam8Xszq7tOdsOdJhSuA+YCt
5mBj57E8tUNLLR6P3lAUIM8WJBlxOWyR0EqdM5vcxYIzzTM=
-----END ENCRYPTED PRIVATE KEY-----

BIN
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8_clear.der
View file

Binary file not shown.

5
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8_clear.pem Normal file
View file

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXE5DIO8mD5Htn8WX
rumMgja2DgztaSzHoFfV5FeYoFKhRANCAASkCtWaIFDr6SR5vV+xa7LkW2Rl6zyy
se/+Qj+r5st0JNuCGe8Lq4Cs8m/XBZW2H+R2DTPu2A3QPS/Q37J7jOdc
-----END PRIVATE KEY-----

BIN
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public.der
View file

Binary file not shown.

4
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public.pem
View file

@ -1,4 +1,4 @@
-----BEGIN PUBLIC KEY----- -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUrYAjqM/pxjP163XfbJ0S0MCtIOj MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpArVmiBQ6+kkeb1fsWuy5FtkZes8
zvIOs1scd8P10HmFw8drgH9XnJP0FxpdgLWci+LRIccrxyoV82Jo/OWDHg== srHv/kI/q+bLdCTbghnvC6uArPJv1wWVth/kdg0z7tgN0D0v0N+ye4znXA==
-----END PUBLIC KEY----- -----END PUBLIC KEY-----

2
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public_openssh.txt
View file

@ -1 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFK2AI6jP6cYz9et132ydEtDArSDo87yDrNbHHfD9dB5hcPHa4B/V5yT9BcaXYC1nIvi0SHHK8cqFfNiaPzlgx4= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQK1ZogUOvpJHm9X7FrsuRbZGXrPLKx7/5CP6vmy3Qk24IZ7wurgKzyb9cFlbYf5HYNM+7YDdA9L9DfsnuM51w=

BIN
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_x509.der
View file

Binary file not shown.

18
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_x509.pem
View file

@ -1,11 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBjDCCATOgAwIBAgIJAPrO0O+wI55GMAoGCCqGSM49BAMCMCMxCzAJBgNVBAYT MIIBjTCCATOgAwIBAgIJAJtI7kH/tXlvMAoGCCqGSM49BAMCMCMxCzAJBgNVBAYT
AkdCMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNjAxMjYxMDExMzVaFw0xNzAx AkdCMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNjAxMzAwNjMyNTBaFw0xNzAx
MjUxMDExMzVaMCMxCzAJBgNVBAYTAkdCMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZ MjkwNjMyNTBaMCMxCzAJBgNVBAYTAkdCMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABFK2AI6jP6cYz9et132ydEtDArSDo87y MBMGByqGSM49AgEGCCqGSM49AwEHA0IABKQK1ZogUOvpJHm9X7FrsuRbZGXrPLKx
DrNbHHfD9dB5hcPHa4B/V5yT9BcaXYC1nIvi0SHHK8cqFfNiaPzlgx6jUDBOMB0G 7/5CP6vmy3Qk24IZ7wurgKzyb9cFlbYf5HYNM+7YDdA9L9DfsnuM51yjUDBOMB0G
A1UdDgQWBBThtRG8Ag+gEOOWZ+v5bced1kX42DAfBgNVHSMEGDAWgBThtRG8Ag+g A1UdDgQWBBSv2v+sOg8Z+VTAJk5ob4nDRS1+jjAfBgNVHSMEGDAWgBSv2v+sOg8Z
EOOWZ+v5bced1kX42DAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIDCp +VTAJk5ob4nDRS1+jjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCID3r
n1AKXf+jleMrvKB2eMYk5eoZQrfbK18gaFyfsUjSAiAOIDPP9mv9z5bKpwrWxLaW ARj3nfwBK4uE3BmlGKjaH5JR3e9iEac7BT93W6hOAiEAuNZxsvUpadoB4SqurLVg
kw+y4SnrXU4N0aHUWICFyA== lrdvw9wpYr8JTq7q2KUIQes=
-----END CERTIFICATE----- -----END CERTIFICATE-----

9
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/gen_ecc_p256.sh
View file

@ -3,15 +3,22 @@
set -e set -e
set -x set -x
openssl version | tee openssl_version.txt
# Private key # Private key
openssl ecparam -name prime256v1 -genkey -noout -conv_form uncompressed -out ecc_p256_private.pem openssl ecparam -name prime256v1 -genkey -noout -conv_form uncompressed -out ecc_p256_private.pem
openssl ec -in ecc_p256_private.pem -outform DER -out ecc_p256_private.der openssl ec -in ecc_p256_private.pem -outform DER -out ecc_p256_private.der
openssl pkcs8 -in ecc_p256_private.der -inform DER -out ecc_p256_private_p8_clear.der -outform DER -nocrypt -topk8 openssl pkcs8 -in ecc_p256_private.der -inform DER -out ecc_p256_private_p8_clear.der -outform DER -nocrypt -topk8
openssl pkcs8 -in ecc_p256_private.der -inform DER -out ecc_p256_private_p8_clear.pem -outform PEM -nocrypt -topk8
openssl ec -in ecc_p256_private.pem -text -out ecc_p256.txt openssl ec -in ecc_p256_private.pem -text -out ecc_p256.txt
# Encrypted private key # Encrypted private key
openssl pkcs8 -in ecc_p256_private.der -inform DER -passout 'pass:secret' -out ecc_p256_private_p8.der -outform DER -topk8 openssl pkcs8 -in ecc_p256_private.der -inform DER -passout 'pass:secret' -out ecc_p256_private_p8.der -outform DER -topk8
openssl ec -in ecc_p256_private.pem -des3 -out ecc_p256_private_enc.pem -passout 'pass:secret' -outform PEM openssl pkcs8 -in ecc_p256_private.der -inform DER -passout 'pass:secret' -out ecc_p256_private_p8.pem -outform PEM -topk8
openssl ec -in ecc_p256_private.pem -des3 -out ecc_p256_private_enc_des3.pem -passout 'pass:secret' -outform PEM
openssl ec -in ecc_p256_private.pem -aes128 -out ecc_p256_private_enc_aes128.pem -passout 'pass:secret' -outform PEM
openssl ec -in ecc_p256_private.pem -aes192 -out ecc_p256_private_enc_aes192.pem -passout 'pass:secret' -outform PEM
openssl ec -in ecc_p256_private.pem -aes-256-gcm -out ecc_p256_private_enc_aes256_gcm.pem -passout 'pass:secret' -outform PEM
# Public key # Public key
openssl ec -in ecc_p256_private.pem -pubout -out ecc_p256_public.pem openssl ec -in ecc_p256_private.pem -pubout -out ecc_p256_public.pem

1
lib/Crypto/SelfTest/PublicKey/test_vectors/ECC/openssl_version.txt Normal file
View file

@ -0,0 +1 @@
OpenSSL 1.0.2e-fips 3 Dec 2015

1
lib/Crypto/__init__.py
View file

@ -45,4 +45,3 @@ __all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature',
'IO', 'Math'] 'IO', 'Math']
version_info = (3, 4, "rc1") version_info = (3, 4, "rc1")