fat: implemented RSA support

Author: PascalDR

pymdoccbor/mdoc/issuer.py

@@ -6,6 +6,7 @@
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
 from pycose.keys import CoseKey, EC2Key
 from typing import Union
 
@@ -109,6 +110,14 @@ def new(
                     -1: devicekeyinfoCoseKeyObject.crv.identifier,
                     -2: devicekeyinfoCoseKeyObject.x,
                 }
+            elif devicekeyinfoCoseKeyObject.kty.identifier == 3:  # RSAKey
+                devicekeyinfo = {
+                    1: devicekeyinfoCoseKeyObject.kty.identifier,
+                    -1: devicekeyinfoCoseKeyObject.n,
+                    -2: devicekeyinfoCoseKeyObject.e,
+                }
+            else:
+                raise TypeError("Unsupported key type in devicekeyinfo")
         if isinstance(devicekeyinfo, str):
             device_key_bytes = base64.urlsafe_b64decode(devicekeyinfo.encode("utf-8"))
             public_key = serialization.load_pem_public_key(device_key_bytes)
@@ -154,6 +163,18 @@ def new(
                         format=serialization.PublicFormat.Raw
                     )
                 }
+            elif isinstance(public_key, RSAPublicKey):
+                devicekeyinfo = {
+                    1: 3,  # RSAKey
+                    -1: public_key.public_numbers().n.to_bytes(
+                        (public_key.public_numbers().n.bit_length() + 7) // 8,
+                        "big"
+                    ),
+                    -2: public_key.public_numbers().e.to_bytes(
+                        (public_key.public_numbers().e.bit_length() + 7) // 8,
+                        "big"
+                    )
+                }
             else:
                 raise TypeError("Loaded public key is not an EllipticCurvePublicKey")
 

pymdoccbor/tests/pkey.py

@@ -1,6 +1,8 @@
 import os
 import base64
 
+from pycose.keys import RSAKey
+
 PKEY = {
     'KTY': 'EC2',
     'CURVE': 'P_256',
@@ -29,4 +31,11 @@ def base64_urldecode(v: str) -> bytes:
     'D': decoded_d,
     'X': decoded_x,
     'KID': b"demo-kid-ed25519"
+}
+
+PKEY_RSA = {
+    'KTY': 'RSA', 
+    'E': b'\xd4\xf1\xf2o', 
+    'N': b'[_\x81\\6y3\xbf\x01\xad\xba\xe26&\xcb\xa2g\xff\x97\xa1rv\xa7\x9a{\xfb\x01r^S\xfb\xefY\xb4\x14\xcesz\x99H\x02\xaf\xf5\xab\x18_\xac\xaaR\x13Q\xe6\xa0\x9a\x8c\x8a\x1f\x13\x0b9\xf3\xbb\xe1\x0b\xb9<\xe7\xc0\xffU\xa0\xcb\x1aw\xf2/\x11\x0e\xea^\x98:cp\x1f3\xc9\x81\x93e\x81\xb4\xb20s\xa6\xaaV\xf3\x03y\xb3\xd9\x93i\x14\xa7\xafi.\x08\xdey\x15s-V\x10\xf0\x0f+:E\x10\xec\xca\x93\x17\xecg\xaf!\x11\xe7\x91\xcdG7)\x83\xc3\xdd\xc2xp\xb2v_\xf2l\xc9\xc7\x15r\xf9\xa1U\xe9`\xde\xf1\xa9\xc2\xb6\xde\xebc|\xef\xb0s,\x10\xa1l\x81&\xcc\xb9\xfa\xb6\xffs\x1a9\x0c[7\xafJ\x1c\xd5\xb6\xc7?\x1c\x8fN\x1a\xde\x7f\xa4\x8f\xf6,\xed\x89b\x87\xcaXL\x8e}\xa5K\x0b\x9a\x8c\xb2\xd2\x91\x0f\xedI\x8e\x8fYq#\x8c\xd1\x02\xe2B\xff\xf1\x1dT\x15\xb1I\xe8\xd8\xfc[\xd5Y\x9ab\xcc\xe3\xff\xac\xfa\x85', 
+    'KEY_OPS': ['SIGN']
 }

pymdoccbor/tests/test_02_mdoc_issuer.py

@@ -12,7 +12,7 @@
 from pymdoccbor.mso.issuer import MsoIssuer
 from pymdoccbor.tests.pid_data import PID_DATA
 from pymdoccbor.tests.cert_data import CERT_DATA
-from pymdoccbor.tests.pkey import PKEY, PKEY_ED25519
+from pymdoccbor.tests.pkey import PKEY, PKEY_ED25519, PKEY_RSA
 
 
 def extract_mso(mdoc:dict):
@@ -121,6 +121,49 @@ def test_mdoc_issuer_EdDSA():
     mdoci.dump()
     mdoci.dumps()
 
+    # check mso content for status list
+    mso = extract_mso(mdoc)
+    status_list = mso["status"]["status_list"]
+    assert status_list["idx"] == 0
+    assert status_list["uri"] == "https://issuer.com/statuslists"
+    cert_bytes = status_list["certificate"]
+    cert:Certificate = load_der_x509_certificate(cert_bytes)
+    assert "Test ASL Issuer" in cert.subject.rfc4514_string(), "ASL is not signed with the expected certificate"
+
+def test_mdoc_issuer_RSA():
+    validity = {"issuance_date": "2025-01-17", "expiry_date": "2025-11-13" }
+    mdoci = MdocCborIssuer(
+        private_key=PKEY,
+        alg = "ES256",
+        cert_info=CERT_DATA
+    )
+    with open("pymdoccbor/tests/certs/fake-cert.pem", "rb") as file:
+        fake_cert_file = file.read()
+        asl_signing_cert = x509.load_pem_x509_certificate(fake_cert_file)
+        _asl_signing_cert = asl_signing_cert.public_bytes(getattr(serialization.Encoding, "DER"))
+        status_list = {
+            "status_list": {
+                "idx": 0,
+                "uri": "https://issuer.com/statuslists",
+                "certificate": _asl_signing_cert,
+            }
+        }
+        mdoc = mdoci.new(
+            doctype="eu.europa.ec.eudiw.pid.1",
+            data=PID_DATA,
+            devicekeyinfo=PKEY_RSA,
+            validity=validity,
+            revocation=status_list
+        )
+
+    mdocp = MdocCbor()
+    aa = cbor2.dumps(mdoc)
+    mdocp.loads(aa)
+    assert mdocp.verify() is True
+    
+    mdoci.dump()
+    mdoci.dumps()
+
     # check mso content for status list
     mso = extract_mso(mdoc)
     status_list = mso["status"]["status_list"]