author | Valentin Lefebvre <valentin.lefebvre@suse.com> | 2023-09-27 16:41:58 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2023-09-29 11:31:12 +0200 |
commit | 750674da0d9e352561ad05a7001a8e891f24a06d (patch) | |
tree | 92ec828c24a172c029f787d147e81e62ff4a5f1e /src/ukify | |
parent | Merge pull request #29183 from ddstreet/tpm2_openssl_functions (diff) | |
ukify: explicitly import attribute
* Explicitly import attributes rsa and serialization from cryptography.hazmat
Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
Diffstat (limited to 'src/ukify')
-rwxr-xr-x | src/ukify/ukify.py | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index 432dc87988..99a0d72650 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -858,7 +858,8 @@ def generate_key_cert_pair(
 ) -> tuple[bytes]:
 from cryptography import x509
- import cryptography.hazmat.primitives as hp
+ from cryptography.hazmat.primitives import serialization, hashes
+ from cryptography.hazmat.primitives.asymmetric import rsa
 # We use a keylength of 2048 bits. That is what Microsoft documents as
 # supported/expected:
@@ -866,7 +867,7 @@ def generate_key_cert_pair(
 now = datetime.datetime.utcnow()
- key = hp.asymmetric.rsa.generate_private_key(
+ key = rsa.generate_private_key(
 public_exponent=65537,
 key_size=keylength,
 )
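Review bot: The return annotation `-> tuple[bytes]` on `generate_key_cert_pair` declares a one-element tuple, while the function returns two values (`return key_pem, cert_pem`, visible in the last hunk); `-> tuple[bytes, bytes]` would match. Since only the first element is secret, a one-line docstring such as `"""Return (private_key_pem, certificate_pem); the first element is an unencrypted private key."""` would make the order explicit for callers that write the two values to separate files. The same annotation appears on `generate_priv_pub_key_pair` in the last hunk. The signature of `generate_key_cert_pair` starts outside this hunk.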
@@ -888,36 +889,37 @@ def generate_key_cert_pair(
 critical=True,
 ).sign(
 private_key=key,
- algorithm=hp.hashes.SHA256(),
+ algorithm=hashes.SHA256(),
 )
 cert_pem = cert.public_bytes(
- encoding=hp.serialization.Encoding.PEM,
+ encoding=serialization.Encoding.PEM,
 )
 key_pem = key.private_bytes(
- encoding=hp.serialization.Encoding.PEM,
- format=hp.serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=hp.serialization.NoEncryption(),
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption(),
 )
 return key_pem, cert_pem
 def generate_priv_pub_key_pair(keylength : int = 2048) -> tuple[bytes]:
- import cryptography.hazmat.primitives as hp
+ from cryptography.hazmat.primitives import serialization
+ from cryptography.hazmat.primitives.asymmetric import rsa
- key = hp.asymmetric.rsa.generate_private_key(
+ key = rsa.generate_private_key(
 public_exponent=65537,
 key_size=keylength,
 )
 priv_key_pem = key.private_bytes(
- encoding=hp.serialization.Encoding.PEM,
- format=hp.serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=hp.serialization.NoEncryption(),
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption(),
 )
 pub_key_pem = key.public_key().public_bytes(
- encoding=hp.serialization.Encoding.PEM,
- format=hp.serialization.PublicFormat.SubjectPublicKeyInfo,
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo,
 )
 return priv_key_pem, pub_key_pem |
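Review bot: Both `private_bytes(...)` calls serialize the RSA key with `serialization.NoEncryption()`, so `key_pem` and `priv_key_pem` leave these functions as plaintext private keys, and nothing in the code says so. A comment above each call, for example `# Unencrypted PEM: the caller must write this with owner-only permissions and never log it`, would document the handling requirement. How the callers store these bytes is not visible in this hunk and is worth checking. Separately, `keylength` reaches `rsa.generate_private_key` with no lower bound of its own; a guard such as `if keylength < 2048: raise ValueError("keylength must be at least 2048 bits")` would enforce the size that the comment in the first hunk describes as expected.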