def test_openssh_gauntlet(self):
num_runs = 6
num_enc = num_runs // 3
curves = [P192, P224, P256, P384, P521]
for i in range(num_runs):
curve = random.choice(curves)
ecdsa = ECDSA(curve.G)
passphrase = None
if i < num_enc:
passphrase = Bytes.random(Bytes.random(1).int())
priv = ecdsa.export_private_key(encoding=PKIEncoding.OpenSSH,
encryption=b'aes256-ctr',
passphrase=passphrase)
pub_openssh = ecdsa.export_public_key(encoding=PKIEncoding.OpenSSH)
pub_ssh2 = ecdsa.export_public_key(encoding=PKIEncoding.SSH2)
new_priv = ECDSA.import_key(priv, passphrase=passphrase)
new_pub_openssh = ECDSA.import_key(pub_openssh)
new_pub_ssh2 = ECDSA.import_key(pub_ssh2)
self.assertEqual((new_priv.d, new_priv.G, new_priv.Q),
(ecdsa.d, ecdsa.G, ecdsa.Q))
self.assertEqual((new_pub_openssh.G, new_pub_openssh.Q),
(ecdsa.G, ecdsa.Q))
self.assertEqual((new_pub_ssh2.G, new_pub_ssh2.Q),
(ecdsa.G, ecdsa.Q))
def _run_import_pem_enc(self, enc_priv):
with self.assertRaises(ValueError):
ECDSA.import_key(enc_priv)
enc_ecdsa = ECDSA.import_key(enc_priv, PEM_PASSPHRASE)
dec_ecdsa = ECDSA.import_key(TEST_PEM_DEC)
self.assertEqual((enc_ecdsa.G, enc_ecdsa.d, enc_ecdsa.Q),
(dec_ecdsa.G, dec_ecdsa.d, dec_ecdsa.Q))
def test_import_openssh(self):
for key, passphrase in [
TEST_OPENSSH0, TEST_OPENSSH1, TEST_OPENSSH2, TEST_OPENSSH3
]:
if passphrase:
with self.assertRaises(ValueError):
ECDSA.import_key(key)
ecdsa = ECDSA.import_key(key, passphrase=passphrase)
self.assertEqual(ecdsa.d * ecdsa.G, ecdsa.Q)
self.assertLess(ecdsa.d, ecdsa.q)
def test_import_export_public(self):
ecdsa_pub = ECDSA.import_key(TEST_PUB)
ecdsa_priv = ECDSA.import_key(TEST_PRIV)
der_bytes = ecdsa_pub.export_public_key(encoding=PKIEncoding.X509)
new_pub = ECDSA.import_key(der_bytes)
self.assertEqual(ecdsa_pub.Q, ecdsa_priv.Q)
self.assertEqual(new_pub.Q, ecdsa_priv.Q)
self.assertEqual(der_bytes.replace(b'\n', b''),
TEST_PUB.replace(b'\n', b''))
def test_import_export_private(self):
ecdsa = ECDSA.import_key(TEST_PRIV)
der_bytes = ecdsa.export_private_key(encoding=PKIEncoding.PKCS1)
new_ecdsa = ECDSA.import_key(der_bytes)
self.assertEqual((ecdsa.G, ecdsa.d, ecdsa.Q),
(new_ecdsa.G, new_ecdsa.d, new_ecdsa.Q))
self.assertEqual((ecdsa.G.curve, ecdsa.d, ecdsa.Q),
(EXPECTED_CURVE, EXPECTED_PRIV, PUB_POINT))
self.assertEqual(der_bytes.replace(b'\n', b''),
TEST_PRIV.replace(b'\n', b''))
def test_import_jwk(self):
ec = ECDSA.import_key(TEST_JWK)
jwk = ec.export_public_key(encoding=PKIEncoding.JWK)
self.assertEqual(jwk, TEST_JWK)
ec = ECDSA.import_key(TEST_JWK_PRIV)
jwk = ec.export_private_key(encoding=PKIEncoding.JWK)
as_dict = json.loads(TEST_JWK_PRIV.decode())
del as_dict['use']
del as_dict['alg']
self.assertEqual(json.loads(jwk.decode()), as_dict)
def test_jwk_gauntlet(self):
curves = [P192, P224, P256, P384, P521]
for _ in range(100):
curve = random.choice(curves)
ecdsa = ECDSA(curve.G)
priv = ecdsa.export_private_key(encoding=PKIEncoding.JWK)
pub = ecdsa.export_public_key(encoding=PKIEncoding.JWK)
new_priv = ECDSA.import_key(priv)
new_pub = ECDSA.import_key(pub)
self.assertEqual((new_priv.d, new_priv.G, new_priv.Q),
(ecdsa.d, ecdsa.G, ecdsa.Q))
self.assertEqual((new_pub.G, new_pub.Q), (ecdsa.G, ecdsa.Q))
def test_import_x509(self):
ec = ECDSA.import_key(TEST_X509)
ec_bytes = ec.export_public_key(encoding=PKIEncoding.X509)
self.assertEqual((ec.Q.x, ec.Q.y), (
715947441162623524308031264370421599762967653523544747480787993496487140462283488974903669322082866021662891001767126467535751404779526256673589715857924084,
6284315030597594553103397980681739738230677011801289227519057103940802676199779900446162742685830902816710685363967012731548834638923262185574277733031408959
))
self.assertEqual(ec_bytes.replace(b'\n', b''),
TEST_X509.replace(b'\n', b''))
def test_import_ssh(self):
ecdsa_pub = ECDSA.import_key(TEST_SSH_PUB)
ecdsa_ssh2_pub = ECDSA.import_key(TEST_SSH2_PUB)
ecdsa_priv = ECDSA.import_key(TEST_SSH_PRIV)
self.assertEqual((ecdsa_pub.G, ecdsa_pub.Q),
(ecdsa_priv.G, ecdsa_priv.Q))
self.assertEqual((ecdsa_ssh2_pub.G, ecdsa_ssh2_pub.Q),
(ecdsa_priv.G, ecdsa_priv.Q))
self.assertEqual(ecdsa_priv.d * ecdsa_priv.G, ecdsa_priv.Q)
self.assertEqual(
ecdsa_pub.export_public_key(encoding=PKIEncoding.OpenSSH).replace(
b'\n', b''), TEST_SSH_PUB.replace(b'\n', b''))
self.assertEqual(
ecdsa_ssh2_pub.export_public_key(
encoding=PKIEncoding.SSH2).replace(b'\n', b''),
TEST_SSH2_PUB_NO_CMT.replace(b'\n', b''))
def test_import_x509_cert(self):
from subprocess import check_call
ec = ECDSA.import_key(TEST_X509_CERT)
self.assertEqual((ec.Q.x, ec.Q.y), (
715947441162623524308031264370421599762967653523544747480787993496487140462283488974903669322082866021662891001767126467535751404779526256673589715857924084,
6284315030597594553103397980681739738230677011801289227519057103940802676199779900446162742685830902816710685363967012731548834638923262185574277733031408959
))
cert = ec.export_public_key(encoding=PKIEncoding.X509_CERT).decode()
check_call([f'echo -n \"{cert}\" | openssl x509 -text'], shell=True)
def test_import_enc_gauntlet(self):
supported_algos = RFC1423_ALGOS.keys()
for algo in supported_algos:
for _ in range(10):
ecdsa = ECDSA(G=P256.G, hash_obj=None)
key = Bytes.random(Bytes.random(1).int() + 1)
enc_pem = ecdsa.export_private_key(encryption=algo,
passphrase=key)
dec_ecdsa = ECDSA.import_key(enc_pem, key)
self.assertEqual((ecdsa.G, ecdsa.d, ecdsa.Q),
(dec_ecdsa.G, dec_ecdsa.d, dec_ecdsa.Q))
def test_import_pkcs8(self):
ec = ECDSA.import_key(TEST_PKCS8)
ec_bytes = ec.export_private_key(encoding=PKIEncoding.PKCS8)
self.assertEqual(
ec.d,
2282649980877248464928985540593193992740494509534471044083643023670157012821680477618689736007052097550343217684448593053345246736083446705198105618319263331
)
self.assertEqual((ec.Q.x, ec.Q.y), (
715947441162623524308031264370421599762967653523544747480787993496487140462283488974903669322082866021662891001767126467535751404779526256673589715857924084,
6284315030597594553103397980681739738230677011801289227519057103940802676199779900446162742685830902816710685363967012731548834638923262185574277733031408959
))
self.assertEqual(ec_bytes.replace(b'\n', b''),
TEST_PKCS8.replace(b'\n', b''))
kB/cZjfDEvoQKBgQDgjoTWAoMHDwxhcnQ0xktfDtAv7WBGIydoovCtFax8YdiEVdcEUJfX JlMwGwCdw6U71/u8wT+VAvqs9XsOgFVI9mcTfX+9l3RoJWZltMrmsMCVNxxbbDz+sFBQhF YDsNEuhGxwUUjciw9LqCsjiG/vsNqTvf7liFbsNMbZghAbbQKBgDzw+2Seo9odwXaMA3fB ZIP+RSKngdpvc5VmhsiwJ5WMUg963PEWXEfXq24rK7DvYeTKZDLVdNa/xhQTKQXm5z+oof YJD9LDBaruRgPp/4tZaYwUrX1IQWRNSItu417FPUIZepUEht6NLOlhGb8u15T4jExjBlgx GKKQQ6RcM/pBAoGAYH9+QAVWTzs9Q8cOfvtTumbAOkhU3e8PaVzT9l1hARZ/F+dXfggwKA nVJ9ACxMklgYEAMg4Nh7h/BsJ6/jFR9QfGJc8BjPS/1l10EnLN2rLMH5NOQU9TKtOTv/YO jIl4avgHLYEQwY2Upht/Zkaka6lhVKoKFpMvX1QSu7ezukUCgYEA4evL4ELaxSYTSVX+Vz Q2z8l7riPWLFEqPvMHsgW5wKVkXHnpRx+PoeZQK/+AIdEOMh0zeXEecLg7uQ1T4qmWPDxB uDbtNosYyMryoNAwfQfTcMcc9QvnLXNMqLC7vm/hPlzwvogWyyWeYbOvsjPGSzfaw+DfbU pVYpArfNuzoBM= -----END PRIVATE KEY-----""") ES1_KEY = ECDSA.import_key(b"""-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgpR4yjoqJ09GAriF++Pxu+I O1FxF9uAGsniq77Lc6woehRANCAAQbdf1V9k89vTxPbWlzYoiJnk+RZpufb5AX7D4mRJN+ o0NjMxFrNFUyiq3Y7+wa9k06Lg7KL06HN+kaax2/Fp3M -----END PRIVATE KEY-----""") ES1_KEY.hash_obj = SHA256() ES2_KEY = ECDSA.import_key(b"""-----BEGIN PRIVATE KEY----- MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDxg/XHeJj3sTTsO8Jnczsxzc jLfwmbJlYMDg2SupAvsrck9iNktrlRlKDX3prWaquhZANiAASzOq9L0SGAfmP1NUxMKunV mxF707SBdr17rYhes0Q+SpnQ7GWliRcGivg501bxcKxri6EIqPlTSstDmtgCPE7rowKVMt jHB2itCKnpa4Zw6373AEe8xrxLrYvSlg1uPmw= -----END PRIVATE KEY-----""") ES2_KEY.hash_obj = SHA384()
