tyler.durden
/
PyKMIP
mirror of https://github.com/OpenKMIP/PyKMIP.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #310 from OpenKMIP/bug/update-key-wrap 

Fix key wrapping support in the cryptography engine
This commit is contained in:
Peter Hamilton 2017-07-24 12:53:50 -04:00 committed by GitHub
parent 615889f7eb 448cf229f6
commit a3bd7f4b6f
2 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
kmip/services/server/crypto/engine.py
View File

@ -805,7 +805,7 @@ class CryptographyEngine(api.CryptographicEngine):
def wrap_key(self, def wrap_key(self,
key_material, key_material,
wrapping_method, wrapping_method,
encryption_algorithm, key_wrap_algorithm,
encryption_key): encryption_key):
""" """
Args: Args:
@ -813,9 +813,9 @@ class CryptographyEngine(api.CryptographicEngine):
wrapping_method (WrappingMethod): A WrappingMethod enumeration wrapping_method (WrappingMethod): A WrappingMethod enumeration
specifying what wrapping technique to use to wrap the key specifying what wrapping technique to use to wrap the key
material. Required. material. Required.
encryption_algorithm (CryptographicAlgorithm): A key_wrap_algorithm (BlockCipherMode): A BlockCipherMode
CryptographicAlgorithm enumeration specifying the encryption enumeration specifying the key wrapping algorithm to use to
algorithm to use to encrypt the key material. Required. wrap the key material. Required.
encryption_key (bytes): The bytes of the encryption key to use encryption_key (bytes): The bytes of the encryption key to use
to encrypt the key material. Required. to encrypt the key material. Required.
@ -836,7 +836,7 @@ class CryptographyEngine(api.CryptographicEngine):
... b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF' ... b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF'
... ) ... )
... wrapping_method=enums.WrappingMethod.ENCRYPT, ... wrapping_method=enums.WrappingMethod.ENCRYPT,
... encryption_algorithm=enums.CryptographicAlgorithm.AES, ... key_wrap_algorithm=enums.BlockCipherMode.NIST_KEY_WRAP,
... encryption_key=( ... encryption_key=(
... b'\x00\x01\x02\x03\x04\x05\x06\x07' ... b'\x00\x01\x02\x03\x04\x05\x06\x07'
... b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' ... b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -847,7 +847,7 @@ class CryptographyEngine(api.CryptographicEngine):
\xd2\xcf\xe5' \xd2\xcf\xe5'
""" """
if wrapping_method == enums.WrappingMethod.ENCRYPT: if wrapping_method == enums.WrappingMethod.ENCRYPT:
if encryption_algorithm == enums.CryptographicAlgorithm.AES: if key_wrap_algorithm == enums.BlockCipherMode.NIST_KEY_WRAP:
try: try:
wrapped_key = keywrap.aes_key_wrap( wrapped_key = keywrap.aes_key_wrap(
encryption_key, encryption_key,
@ -860,7 +860,7 @@ class CryptographyEngine(api.CryptographicEngine):
else: else:
raise exceptions.InvalidField( raise exceptions.InvalidField(
"Encryption algorithm '{0}' is not a supported key " "Encryption algorithm '{0}' is not a supported key "
"wrapping algorithm.".format(encryption_algorithm) "wrapping algorithm.".format(key_wrap_algorithm)
) )
else: else:
raise exceptions.InvalidField( raise exceptions.InvalidField(

18
kmip/tests/unit/services/server/crypto/test_engine.py
View File

@ -677,7 +677,7 @@ class TestCryptographyEngine(testtools.TestCase):
""" """
engine = crypto.CryptographyEngine() engine = crypto.CryptographyEngine()
args = (b'', 'invalid', enums.CryptographicAlgorithm.AES, b'') args = (b'', 'invalid', enums.BlockCipherMode.NIST_KEY_WRAP, b'')
self.assertRaisesRegexp( self.assertRaisesRegexp(
exceptions.InvalidField, exceptions.InvalidField,
"Wrapping method 'invalid' is not a supported key wrapping " "Wrapping method 'invalid' is not a supported key wrapping "
@ -712,7 +712,7 @@ class TestCryptographyEngine(testtools.TestCase):
args = ( args = (
b'', b'',
enums.WrappingMethod.ENCRYPT, enums.WrappingMethod.ENCRYPT,
enums.CryptographicAlgorithm.AES, enums.BlockCipherMode.NIST_KEY_WRAP,
b'' b''
) )
self.assertRaises( self.assertRaises(
@ -1645,7 +1645,7 @@ def test_derive_key(derivation_parameters):
b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF' b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF'
), ),
'wrapping_method': enums.WrappingMethod.ENCRYPT, 'wrapping_method': enums.WrappingMethod.ENCRYPT,
'encryption_algorithm': enums.CryptographicAlgorithm.AES, 'key_wrap_algorithm': enums.BlockCipherMode.NIST_KEY_WRAP,
'encryption_key': ( 'encryption_key': (
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -1660,7 +1660,7 @@ def test_derive_key(derivation_parameters):
b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF' b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF'
), ),
'wrapping_method': enums.WrappingMethod.ENCRYPT, 'wrapping_method': enums.WrappingMethod.ENCRYPT,
'encryption_algorithm': enums.CryptographicAlgorithm.AES, 'key_wrap_algorithm': enums.BlockCipherMode.NIST_KEY_WRAP,
'encryption_key': ( 'encryption_key': (
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -1676,7 +1676,7 @@ def test_derive_key(derivation_parameters):
b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF' b'\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF'
), ),
'wrapping_method': enums.WrappingMethod.ENCRYPT, 'wrapping_method': enums.WrappingMethod.ENCRYPT,
'encryption_algorithm': enums.CryptographicAlgorithm.AES, 'key_wrap_algorithm': enums.BlockCipherMode.NIST_KEY_WRAP,
'encryption_key': ( 'encryption_key': (
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -1694,7 +1694,7 @@ def test_derive_key(derivation_parameters):
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
), ),
'wrapping_method': enums.WrappingMethod.ENCRYPT, 'wrapping_method': enums.WrappingMethod.ENCRYPT,
'encryption_algorithm': enums.CryptographicAlgorithm.AES, 'key_wrap_algorithm': enums.BlockCipherMode.NIST_KEY_WRAP,
'encryption_key': ( 'encryption_key': (
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -1712,7 +1712,7 @@ def test_derive_key(derivation_parameters):
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
), ),
'wrapping_method': enums.WrappingMethod.ENCRYPT, 'wrapping_method': enums.WrappingMethod.ENCRYPT,
'encryption_algorithm': enums.CryptographicAlgorithm.AES, 'key_wrap_algorithm': enums.BlockCipherMode.NIST_KEY_WRAP,
'encryption_key': ( 'encryption_key': (
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -1732,7 +1732,7 @@ def test_derive_key(derivation_parameters):
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
), ),
'wrapping_method': enums.WrappingMethod.ENCRYPT, 'wrapping_method': enums.WrappingMethod.ENCRYPT,
'encryption_algorithm': enums.CryptographicAlgorithm.AES, 'key_wrap_algorithm': enums.BlockCipherMode.NIST_KEY_WRAP,
'encryption_key': ( 'encryption_key': (
b'\x00\x01\x02\x03\x04\x05\x06\x07' b'\x00\x01\x02\x03\x04\x05\x06\x07'
b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F' b'\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
@ -1762,7 +1762,7 @@ def test_wrap_key(wrapping_parameters):
result = engine.wrap_key( result = engine.wrap_key(
wrapping_parameters.get('key_material'), wrapping_parameters.get('key_material'),
wrapping_parameters.get('wrapping_method'), wrapping_parameters.get('wrapping_method'),
wrapping_parameters.get('encryption_algorithm'), wrapping_parameters.get('key_wrap_algorithm'),
wrapping_parameters.get('encryption_key') wrapping_parameters.get('encryption_key')
) )