| Index: third_party/tlslite/tlslite/utils/RSAKey.py
|
| diff --git a/third_party/tlslite/tlslite/utils/RSAKey.py b/third_party/tlslite/tlslite/utils/RSAKey.py
|
| deleted file mode 100644
|
| index 1b917428f595e316d6c68098f53bd8c4b0594740..0000000000000000000000000000000000000000
|
| --- a/third_party/tlslite/tlslite/utils/RSAKey.py
|
| +++ /dev/null
|
| @@ -1,264 +0,0 @@
|
| -"""Abstract class for RSA."""
|
| -
|
| -from cryptomath import *
|
| -
|
| -
|
| -class RSAKey:
|
| - """This is an abstract base class for RSA keys.
|
| -
|
| - Particular implementations of RSA keys, such as
|
| - L{OpenSSL_RSAKey.OpenSSL_RSAKey},
|
| - L{Python_RSAKey.Python_RSAKey}, and
|
| - L{PyCrypto_RSAKey.PyCrypto_RSAKey},
|
| - inherit from this.
|
| -
|
| - To create or parse an RSA key, don't use one of these classes
|
| - directly. Instead, use the factory functions in
|
| - L{tlslite.utils.keyfactory}.
|
| - """
|
| -
|
| - def __init__(self, n=0, e=0):
|
| - """Create a new RSA key.
|
| -
|
| - If n and e are passed in, the new key will be initialized.
|
| -
|
| - @type n: int
|
| - @param n: RSA modulus.
|
| -
|
| - @type e: int
|
| - @param e: RSA public exponent.
|
| - """
|
| - raise NotImplementedError()
|
| -
|
| - def __len__(self):
|
| - """Return the length of this key in bits.
|
| -
|
| - @rtype: int
|
| - """
|
| - return numBits(self.n)
|
| -
|
| - def hasPrivateKey(self):
|
| - """Return whether or not this key has a private component.
|
| -
|
| - @rtype: bool
|
| - """
|
| - raise NotImplementedError()
|
| -
|
| - def hash(self):
|
| - """Return the cryptoID <keyHash> value corresponding to this
|
| - key.
|
| -
|
| - @rtype: str
|
| - """
|
| - raise NotImplementedError()
|
| -
|
| - def getSigningAlgorithm(self):
|
| - """Return the cryptoID sigAlgo value corresponding to this key.
|
| -
|
| - @rtype: str
|
| - """
|
| - return "pkcs1-sha1"
|
| -
|
| - def hashAndSign(self, bytes):
|
| - """Hash and sign the passed-in bytes.
|
| -
|
| - This requires the key to have a private component. It performs
|
| - a PKCS1-SHA1 signature on the passed-in data.
|
| -
|
| - @type bytes: str or L{array.array} of unsigned bytes
|
| - @param bytes: The value which will be hashed and signed.
|
| -
|
| - @rtype: L{array.array} of unsigned bytes.
|
| - @return: A PKCS1-SHA1 signature on the passed-in data.
|
| - """
|
| - if not isinstance(bytes, type("")):
|
| - bytes = bytesToString(bytes)
|
| - hashBytes = stringToBytes(sha.sha(bytes).digest())
|
| - prefixedHashBytes = self._addPKCS1SHA1Prefix(hashBytes)
|
| - sigBytes = self.sign(prefixedHashBytes)
|
| - return sigBytes
|
| -
|
| - def hashAndVerify(self, sigBytes, bytes):
|
| - """Hash and verify the passed-in bytes with the signature.
|
| -
|
| - This verifies a PKCS1-SHA1 signature on the passed-in data.
|
| -
|
| - @type sigBytes: L{array.array} of unsigned bytes
|
| - @param sigBytes: A PKCS1-SHA1 signature.
|
| -
|
| - @type bytes: str or L{array.array} of unsigned bytes
|
| - @param bytes: The value which will be hashed and verified.
|
| -
|
| - @rtype: bool
|
| - @return: Whether the signature matches the passed-in data.
|
| - """
|
| - if not isinstance(bytes, type("")):
|
| - bytes = bytesToString(bytes)
|
| - hashBytes = stringToBytes(sha.sha(bytes).digest())
|
| - prefixedHashBytes = self._addPKCS1SHA1Prefix(hashBytes)
|
| - return self.verify(sigBytes, prefixedHashBytes)
|
| -
|
| - def sign(self, bytes):
|
| - """Sign the passed-in bytes.
|
| -
|
| - This requires the key to have a private component. It performs
|
| - a PKCS1 signature on the passed-in data.
|
| -
|
| - @type bytes: L{array.array} of unsigned bytes
|
| - @param bytes: The value which will be signed.
|
| -
|
| - @rtype: L{array.array} of unsigned bytes.
|
| - @return: A PKCS1 signature on the passed-in data.
|
| - """
|
| - if not self.hasPrivateKey():
|
| - raise AssertionError()
|
| - paddedBytes = self._addPKCS1Padding(bytes, 1)
|
| - m = bytesToNumber(paddedBytes)
|
| - if m >= self.n:
|
| - raise ValueError()
|
| - c = self._rawPrivateKeyOp(m)
|
| - sigBytes = numberToBytes(c, numBytes(self.n))
|
| - return sigBytes
|
| -
|
| - def verify(self, sigBytes, bytes):
|
| - """Verify the passed-in bytes with the signature.
|
| -
|
| - This verifies a PKCS1 signature on the passed-in data.
|
| -
|
| - @type sigBytes: L{array.array} of unsigned bytes
|
| - @param sigBytes: A PKCS1 signature.
|
| -
|
| - @type bytes: L{array.array} of unsigned bytes
|
| - @param bytes: The value which will be verified.
|
| -
|
| - @rtype: bool
|
| - @return: Whether the signature matches the passed-in data.
|
| - """
|
| - paddedBytes = self._addPKCS1Padding(bytes, 1)
|
| - c = bytesToNumber(sigBytes)
|
| - if c >= self.n:
|
| - return False
|
| - m = self._rawPublicKeyOp(c)
|
| - checkBytes = numberToBytes(m)
|
| - return checkBytes == paddedBytes
|
| -
|
| - def encrypt(self, bytes):
|
| - """Encrypt the passed-in bytes.
|
| -
|
| - This performs PKCS1 encryption of the passed-in data.
|
| -
|
| - @type bytes: L{array.array} of unsigned bytes
|
| - @param bytes: The value which will be encrypted.
|
| -
|
| - @rtype: L{array.array} of unsigned bytes.
|
| - @return: A PKCS1 encryption of the passed-in data.
|
| - """
|
| - paddedBytes = self._addPKCS1Padding(bytes, 2)
|
| - m = bytesToNumber(paddedBytes)
|
| - if m >= self.n:
|
| - raise ValueError()
|
| - c = self._rawPublicKeyOp(m)
|
| - encBytes = numberToBytes(c)
|
| - return encBytes
|
| -
|
| - def decrypt(self, encBytes):
|
| - """Decrypt the passed-in bytes.
|
| -
|
| - This requires the key to have a private component. It performs
|
| - PKCS1 decryption of the passed-in data.
|
| -
|
| - @type encBytes: L{array.array} of unsigned bytes
|
| - @param encBytes: The value which will be decrypted.
|
| -
|
| - @rtype: L{array.array} of unsigned bytes or None.
|
| - @return: A PKCS1 decryption of the passed-in data or None if
|
| - the data is not properly formatted.
|
| - """
|
| - if not self.hasPrivateKey():
|
| - raise AssertionError()
|
| - c = bytesToNumber(encBytes)
|
| - if c >= self.n:
|
| - return None
|
| - m = self._rawPrivateKeyOp(c)
|
| - decBytes = numberToBytes(m)
|
| - if (len(decBytes) != numBytes(self.n)-1): #Check first byte
|
| - return None
|
| - if decBytes[0] != 2: #Check second byte
|
| - return None
|
| - for x in range(len(decBytes)-1): #Scan through for zero separator
|
| - if decBytes[x]== 0:
|
| - break
|
| - else:
|
| - return None
|
| - return decBytes[x+1:] #Return everything after the separator
|
| -
|
| - def _rawPrivateKeyOp(self, m):
|
| - raise NotImplementedError()
|
| -
|
| - def _rawPublicKeyOp(self, c):
|
| - raise NotImplementedError()
|
| -
|
| - def acceptsPassword(self):
|
| - """Return True if the write() method accepts a password for use
|
| - in encrypting the private key.
|
| -
|
| - @rtype: bool
|
| - """
|
| - raise NotImplementedError()
|
| -
|
| - def write(self, password=None):
|
| - """Return a string containing the key.
|
| -
|
| - @rtype: str
|
| - @return: A string describing the key, in whichever format (PEM
|
| - or XML) is native to the implementation.
|
| - """
|
| - raise NotImplementedError()
|
| -
|
| - def writeXMLPublicKey(self, indent=''):
|
| - """Return a string containing the key.
|
| -
|
| - @rtype: str
|
| - @return: A string describing the public key, in XML format.
|
| - """
|
| - return Python_RSAKey(self.n, self.e).write(indent)
|
| -
|
| - def generate(bits):
|
| - """Generate a new key with the specified bit length.
|
| -
|
| - @rtype: L{tlslite.utils.RSAKey.RSAKey}
|
| - """
|
| - raise NotImplementedError()
|
| - generate = staticmethod(generate)
|
| -
|
| -
|
| - # **************************************************************************
|
| - # Helper Functions for RSA Keys
|
| - # **************************************************************************
|
| -
|
| - def _addPKCS1SHA1Prefix(self, bytes):
|
| - prefixBytes = createByteArraySequence(\
|
| - [48,33,48,9,6,5,43,14,3,2,26,5,0,4,20])
|
| - prefixedBytes = prefixBytes + bytes
|
| - return prefixedBytes
|
| -
|
| - def _addPKCS1Padding(self, bytes, blockType):
|
| - padLength = (numBytes(self.n) - (len(bytes)+3))
|
| - if blockType == 1: #Signature padding
|
| - pad = [0xFF] * padLength
|
| - elif blockType == 2: #Encryption padding
|
| - pad = createByteArraySequence([])
|
| - while len(pad) < padLength:
|
| - padBytes = getRandomBytes(padLength * 2)
|
| - pad = [b for b in padBytes if b != 0]
|
| - pad = pad[:padLength]
|
| - else:
|
| - raise AssertionError()
|
| -
|
| - #NOTE: To be proper, we should add [0,blockType]. However,
|
| - #the zero is lost when the returned padding is converted
|
| - #to a number, so we don't even bother with it. Also,
|
| - #adding it would cause a misalignment in verify()
|
| - padding = createByteArraySequence([blockType] + pad + [0])
|
| - paddedBytes = padding + bytes
|
| - return paddedBytes
|
|
|
Chromium Code Reviews
Issue 211173006:
Perform tlslite 0.3.8 -> 0.4.6 renames ahead of time. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src