Bind out pkcs8 for rsa (#638)

Author: DmitriyMusatkin

source/crypto.c

@@ -285,15 +285,22 @@ PyObject *aws_py_rsa_private_key_from_pem_data(PyObject *self, PyObject *args) {
     /* From hereon, we need to clean up if errors occur */
 
     struct aws_pem_object *found_pem_object = s_find_pem_object(&pem_list, AWS_PEM_TYPE_PRIVATE_RSA_PKCS1);
+    struct aws_rsa_key_pair *key_pair = NULL;
 
-    if (found_pem_object == NULL) {
-        PyErr_SetString(PyExc_ValueError, "RSA private key not found in PEM.");
-        goto on_done;
+    if (found_pem_object != NULL) {
+        key_pair =
+            aws_rsa_key_pair_new_from_private_key_pkcs1(allocator, aws_byte_cursor_from_buf(&found_pem_object->data));
+    } else {
+        found_pem_object = s_find_pem_object(&pem_list, AWS_PEM_TYPE_PRIVATE_PKCS8);
+        if (found_pem_object != NULL) {
+            key_pair = aws_rsa_key_pair_new_from_private_key_pkcs8(
+                allocator, aws_byte_cursor_from_buf(&found_pem_object->data));
+        } else {
+            PyErr_SetString(PyExc_ValueError, "RSA private key not found in PEM.");
+            goto on_done;
+        }
     }
 
-    struct aws_rsa_key_pair *key_pair =
-        aws_rsa_key_pair_new_from_private_key_pkcs1(allocator, aws_byte_cursor_from_buf(&found_pem_object->data));
-
     if (key_pair == NULL) {
         PyErr_AwsLastError();
         goto on_done;

test/test_crypto.py

@@ -37,6 +37,37 @@
 -----END RSA PRIVATE KEY-----
 """
 
+RSA_PRIVATE_KEY_PEM_PKCS8 = """
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN0jYhXzsI1lSA
+j+3uxraUu/78uHJlCcTifQlVUftgEzJth7WNGvrJ8bDLUHwV04cTYSkydgsivjms
+XFgzuTCOLiHX0ik/RT1fOvOpk0gte2gCfPIACUAkTlGXKJ+v+1kqnWFmZFNvtkz2
+fmLIRq9ZrXWORVmySCeoSfvyygxkmfTUfGieFr8LMFSB6VoWKA/vOk0sMF/5PRxm
+JESS4pOMjWQ3QHpLdjsgUAnxsThLVMbaA5JXdHnFHlgkTbL/OSY06EUzuZ0dJpTU
+qSBbaz6qewlIO4eM9d2N+5d/mt5nn4rU7yuLGlJE/U9UpSutuvkCkqosST9yKBz7
+YUhK7WyPAgMBAAECggEAYrHEZyhFJK2yA5wA2hjLgHLNiN3hbPXMRVbz3MfdJGrQ
+KZmDw1AGpkORJU1I0yaFhRN4L8xO9rAE89OsL9FDqUoRzG3ofYB0N3ALW2tWlwiw
+DVFgsge9jCtKEJPYTwjV7wtcoz7Ei7L9IM3mDGdoujXlQv2aT1UuPxKLEBc27h3Q
+KZZL0QbA33SmO24BUx9Y741hIXsVvoce0MQM1TPwEGH18qYpffb3kCBTwFEySx+q
+JFwadZiK1JPQgpELrXZT0VuARD2Ze8Z7c0b6668wYiwJ2mmf4l0NTLk67mIIfG1w
+NNNzHme/UGQEjSjUU9TFWLVHU9enumPv5UeLx3wvgQKBgQD7k6pCk8kkUcjjq0sq
+92Coy1DMlZg9ictcusJ5pfe1ZdW01iX/S/88ZOxk1X27jTWcHarAeA+ci4LzDWPG
+I61Hy4kJFOJB6Sx3hDSnfNvuIC/7zrcWLNzvfAeDYmPhAqi1K4HYFN7Ipa/1+Uew
+kWVllcUHRz5zWU+oYVXDsjARrwKBgQDRcJowibhaG4UUMzRsyyEK1l/w+z75L8A7
+2ZA+wMqyUo9LPgJRYvEHHRQTHDGCzP81IUaAK2OfWrD5Jnn6r4Il7+cQ+xCHKiMD
+rBhnL9dG4lVAWgdZPyWXfrdT3mqpZ3UgfWysvph8s48QdLA3ku7PpTfchwtSdXQP
+cxhEItlrIQKBgQDTTB8AdCfIfXiA3+nuWH+yxbFDY5HOfeF0LNgSXDdFABcSH5si
+Za4mB44U0ssbr2qLiM9VgIF8NiDyCxj13hk359dc7VFrknBqoXuoANKnmhkzIVfd
+JCkca8vTqdvBrP4NzFDuL/k+BQtZSNnRjwze2X/2sPve3fBtt/LUvuBouQKBgQC9
+T1Cv6uxN1m410grjA8C8MQXLpu5HAxh5gLBXaKBPCz0mv8gMlKhUy73ngCZomq9b
+8NXu6ElGMw2gR10ecSHs9KohuS45XqcDnLz6GE44bkCsyDO4QdHS2+EN2A8FTNSc
+J4Lhqe3fWdZJA5B8yz09R5P0q8RaJnxfsqMOg4mOwQKBgQC+N5xLCRa/n1kJ11we
+rnOe2POS+zuThhi1aMn0LLPIDwVMktymV7F8JegbdYB5KjxyxzDPcpRDRKCXvAew
+QiaCZLRyigBqDpDP4l3uIp1OEzWLYuEAWwnErC7fuPm0TFAy5ecegxW7eXasDy2C
+dJJcK3yV8NRVOzr2voGRmr4d7w==
+-----END PRIVATE KEY-----
+"""
+
 RSA_PUBLIC_KEY_PEM = """
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAxaEsLWE2t3kJqsF1sFHYk7rSCGfGTSDa+3r5typT0cb/TtJ989C8
@@ -170,6 +201,19 @@ def test_rsa_encryption_roundtrip(self):
                 pt_pub = rsa.decrypt(p, ct_pub)
                 self.assertEqual(test_pt, pt_pub)
 
+    def test_rsa_encryption_roundtrip_pkcs8(self):
+        param_list = [RSAEncryptionAlgorithm.PKCS1_5,
+                      RSAEncryptionAlgorithm.OAEP_SHA256,
+                      RSAEncryptionAlgorithm.OAEP_SHA512]
+
+        for p in param_list:
+            with self.subTest(msg="RSA Encryption Roundtrip using algo p", p=p):
+                test_pt = b'totally original test string'
+                rsa = RSA.new_private_key_from_pem_data(RSA_PRIVATE_KEY_PEM_PKCS8)
+                ct = rsa.encrypt(p, test_pt)
+                pt = rsa.decrypt(p, ct)
+                self.assertEqual(test_pt, pt)
+
     def test_rsa_encryption_roundtrip_der(self):
         param_list = [RSAEncryptionAlgorithm.PKCS1_5,
                       RSAEncryptionAlgorithm.OAEP_SHA256,
@@ -211,6 +255,24 @@ def test_rsa_signing_roundtrip(self):
                 rsa_pub = RSA.new_public_key_from_pem_data(RSA_PUBLIC_KEY_PEM)
                 self.assertTrue(rsa_pub.verify(p, digest, signature))
 
+    def test_rsa_signing_roundtrip_pkcs8(self):
+        param_list = [RSASignatureAlgorithm.PKCS1_5_SHA256,
+                      RSASignatureAlgorithm.PSS_SHA256,
+                      RSASignatureAlgorithm.PKCS1_5_SHA1]
+
+        for p in param_list:
+            with self.subTest(msg="RSA Signing Roundtrip using algo p", p=p):
+                if (p == RSASignatureAlgorithm.PKCS1_5_SHA1):
+                    h = Hash.sha1_new()
+                else:
+                    h = Hash.sha256_new()
+                h.update(b'totally original test string')
+                digest = h.digest()
+
+                rsa = RSA.new_private_key_from_pem_data(RSA_PRIVATE_KEY_PEM_PKCS8)
+                signature = rsa.sign(p, digest)
+                self.assertTrue(rsa.verify(p, digest, signature))
+
     def test_rsa_signing_roundtrip_der(self):
         param_list = [RSASignatureAlgorithm.PKCS1_5_SHA256,
                       RSASignatureAlgorithm.PSS_SHA256,