def test_cn(self):
o=Oid("2.5.4.3")
self.assertEqual(repr(o),"Oid('2.5.4.3')")
self.assertEqual(o.dotted(),"2.5.4.3")
self.assertEqual(str(o),"2.5.4.3")
self.assertEqual(o.shortname(),"CN")
self.assertEqual(o.longname(),"commonName")
def CMS(data, format="PEM"):
"""
Factory function to create CMS objects from received messages.
Parses CMS data and returns either SignedData or EnvelopedData
object. format argument can be either "PEM" or "DER".
It determines object type from the contents of received CMS
structure.
"""
bio = Membio(data)
if format == "PEM":
ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None)
else:
ptr = libcrypto.d2i_CMS_bio(bio.bio, None)
if ptr is None:
raise CMSError("Error parsing CMS data")
typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr)))
if typeoid.shortname() == "pkcs7-signedData":
return SignedData(ptr)
elif typeoid.shortname() == "pkcs7-envelopedData":
return EnvelopedData(ptr)
elif typeoid.shortname() == "pkcs7-encryptedData":
return EncryptedData(ptr)
else:
raise NotImplementedError("cannot handle "+typeoid.shortname())
def test_cn(self):
o=Oid("2.5.4.3")
self.assertEqual(repr(o),"Oid('2.5.4.3')")
self.assertEqual(o.dotted(),"2.5.4.3")
self.assertEqual(str(o),"2.5.4.3")
self.assertEqual(o.shortname(),"CN")
self.assertEqual(o.longname(),"commonName")
def test_createfromoid(self):
oid = Oid('sha256')
d = digest.DigestType(oid)
self.assertEqual(d.digest_size, 32)
self.assertEqual(d.block_size, 64)
self.assertEqual(d.oid, Oid("sha256"))
self.assertEqual(d.name, 'sha256')
def test_subjectfields(self):
c = X509(self.cert1)
self.assertEqual(c.subject[Oid("C")], "RU")
with self.assertRaises(TypeError):
x = c.subject["CN"]
self.assertEqual(c.subject[Oid("L")],
u'\u041c\u043e\u0441\u043a\u0432\u0430')
def __init__(self, algorithm, key, digest=None, **kwargs):
"""
Constructor has to obligatory arguments:
@param algorithm - which is name of MAC algorithm i.e 'hmac' or
'gost-mac' or equivalent Oid object
@param key - byte buffer with key.
Optional parameters are:
digest - Oid or name of the digest algorithm to use. If none
specified, OpenSSL will try to derive one from the MAC
algorithm (or if algorithm is hmac, we'll substititute md5
for compatibility with standard hmac module
any other keyword argument is passed to EVP_PKEY_CTX as string
option.
"""
if isinstance(algorithm, str):
self.algorithm = Oid(algorithm)
elif isinstance(algorithm, Oid):
self.algorithm = algorithm
else:
raise TypeError("Algorthm must be string or Oid")
if self.algorithm == Oid('hmac') and digest is None:
digest = 'md5'
self.name = self.algorithm.shortname().lower()
if digest is not None:
self.digest_type = DigestType(digest)
self.name += '-' + self.digest_type.digest_name
d = self.digest_type.digest
else:
self.digest_type = None
d = None
self.key = libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid, None,
key, len(key))
if self.key is None:
raise DigestError("EVP_PKEY_new_mac_key")
pctx = c_void_p()
self.ctx = libcrypto.EVP_MD_CTX_create()
if self.ctx == 0:
raise DigestError("Unable to create digest context")
if libcrypto.EVP_DigestSignInit(self.ctx, pointer(pctx), d, None,
self.key) <= 0:
raise DigestError("Unable to intialize digest context")
self.digest_finalized = False
if self.digest_type is None:
self.digest_type = DigestType(
Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx))))
for (name, val) in kwargs.items():
if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx, name, val) <= 0:
raise DigestError("Unable to set mac parameter")
self.digest_size = self.digest_type.digest_size
self.block_size = self.digest_type.block_size
def testLookup(self):
d='1.2.643.100.3'
sn="SNILS"
long_name="Russian Pension security number"
o=create(d,sn,long_name)
x=Oid(sn)
self.assertEqual(o,x)
def testLookup(self):
d='1.2.643.9.100.99'
sn="CtypesCryptoTestOid"
long_name="Test Oid In CryptoCom Namespace"
o=create(d,sn,long_name)
x=Oid(sn)
self.assertEqual(o,x)
def testCleanup(self):
d='1.2.643.100.3'
sn="SNILS"
long_name="Russian Pension security number"
o=create(d,sn,long_name)
cleanup()
with self.assertRaises(ValueError):
x=Oid(sn)
def testFromObj(self):
from ctypescrypto import libcrypto
from ctypes import c_int, c_char_p, c_void_p
libcrypto.OBJ_txt2obj.argtypes = (c_char_p, c_int)
libcrypto.OBJ_txt2obj.restype = c_void_p
obj = libcrypto.OBJ_txt2obj("1.2.643.100.9", 1)
oid = Oid.fromobj(obj)
self.assertEqual(str(oid), '1.2.643.100.9')
def test_keyone(self):
key = create(
Oid("secp256k1"),
b16decode(
"2A71BA9DEA99BC1F7C104BAEC671EC7EFF8BFF969BB8D346DB4C3352A4699DC3",
True))
out = key.exportpriv()
self.assertEqual(out, self.ec1priv)
def test_createfromEVP_MD(self):
d1 = digest.DigestType("sha256")
d2 = digest.DigestType(None)
with self.assertRaises(AttributeError):
s = d2.name
d2.digest = d1.digest
self.assertEqual(d2.digest_size, 32)
self.assertEqual(d2.block_size, 64)
self.assertEqual(d2.oid, Oid("sha256"))
self.assertEqual(d2.name, 'sha256')
def CMS(data, format="PEM"):
"""
Parses CMS data and returns either SignedData or EnvelopedData
object
"""
bio = Membio(data)
if format == "PEM":
ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None)
else:
ptr = libcrypto.d2i_CMS_bio(bio.bio, None)
typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr)))
if typeoid.shortname() == "pkcs7-signedData":
return SignedData(ptr)
elif typeoid.shortname() == "pkcs7-envelopedData":
return EnvelopedData(ptr)
elif typeoid.shortname() == "pkcs7-encryptedData":
return EncryptedData(ptr)
else:
raise NotImplementedError("cannot handle "+typeoid.shortname())
def test_bignum(self):
keyval = b'\xff' * 32
key = create(Oid("secp256k1"), keyval)
keyblob = key.exportpriv()
if pyver > 2:
keyblob = keyblob.encode("ascii")
self.assertEqual(dump_key(keyblob), dump_key(self.bigkey))
keyblob2 = str(key)
if pyver > 2:
keyblob2 = keyblob2.encode('ascii')
self.assertEqual(keyblob2, dump_pub_key(self.bigkey))
def test_certstack1(self):
l = []
l.append(X509(self.cert1))
self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер')
l.append(X509(self.ca_cert))
l.append(X509(self.digicert_cert))
stack = StackOfX509(certs=l)
self.assertEqual(len(stack), 3)
self.assertTrue(isinstance(stack[1], X509))
self.assertEqual(unicode(stack[0].subject[Oid('CN')]),
u'Виктор Вагнер')
with self.assertRaises(IndexError):
c = stack[-1]
with self.assertRaises(IndexError):
c = stack[3]
del stack[1]
self.assertEqual(len(stack), 2)
self.assertEqual(unicode(stack[0].subject[Oid('CN')]),
u'Виктор Вагнер')
self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
u'DigiCert High Assurance EV CA-1')
def CMS(data, format="PEM"):
"""
Factory function to create CMS objects from received messages.
Parses CMS data and returns either SignedData or EnvelopedData
object. format argument can be either "PEM" or "DER".
It determines object type from the contents of received CMS
structure.
"""
bio = Membio(data)
if format == "PEM":
ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None)
else:
ptr = libcrypto.d2i_CMS_bio(bio.bio, None)
if ptr is None:
raise CMSError("Error parsing CMS data")
typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr)))
if typeoid.shortname() == "pkcs7-signedData":
return SignedData(ptr)
elif typeoid.shortname() == "pkcs7-envelopedData":
return EnvelopedData(ptr)
elif typeoid.shortname() == "pkcs7-encryptedData":
return EncryptedData(ptr)
else:
raise NotImplementedError("cannot handle " + typeoid.shortname())
def __init__(self,algorithm,key,digest=None,**kwargs):
"""
Constructor has to obligatory arguments:
@param algorithm - which is name of MAC algorithm i.e 'hmac' or
'gost-mac' or equivalent Oid object
@param key - byte buffer with key.
Optional parameters are:
digest - Oid or name of the digest algorithm to use. If none
specified, OpenSSL will try to derive one from the MAC
algorithm (or if algorithm is hmac, we'll substititute md5
for compatibility with standard hmac module
any other keyword argument is passed to EVP_PKEY_CTX as string
option.
"""
if isinstance(algorithm,str):
self.algorithm=Oid(algorithm)
elif isinstance(algorithm,Oid):
self.algorithm=algorithm
else:
raise TypeError("Algorthm must be string or Oid")
if self.algorithm==Oid('hmac') and digest is None:
digest='md5'
self.name=self.algorithm.shortname().lower()
if digest is not None:
self.digest_type=DigestType(digest)
self.name+='-'+self.digest_type.digest_name
d=self.digest_type.digest
else:
self.digest_type=None
d=None
self.key=libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid,None,key,len(key))
if self.key is None:
raise DigestError("EVP_PKEY_new_mac_key")
pctx=c_void_p()
self.ctx = libcrypto.EVP_MD_CTX_create()
if self.ctx == 0:
raise DigestError("Unable to create digest context")
if libcrypto.EVP_DigestSignInit(self.ctx,pointer(pctx),d,None,self.key) <= 0:
raise DigestError("Unable to intialize digest context")
self.digest_finalized=False
if self.digest_type is None:
self.digest_type=DigestType(Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx))))
for (name,val) in kwargs.items():
if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx,name,val)<=0:
raise DigestError("Unable to set mac parameter")
self.digest_size = self.digest_type.digest_size()
self.block_size = self.digest_type.block_size()
def test_certstack3(self):
l = []
l.append(X509(self.cert1))
self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер')
l.append(X509(self.ca_cert))
l.append(X509(self.digicert_cert))
stack = StackOfX509(certs=l)
stack2 = StackOfX509(ptr=stack.ptr, disposable=False)
with self.assertRaises(ValueError):
stack3 = StackOfX509(ptr=stack.ptr, certs=l)
with self.assertRaises(ValueError):
stack2[1] = l[0]
with self.assertRaises(ValueError):
stack2.append(l[0])
def test_keyone(self):
key = create(
Oid("secp256k1"),
b16decode(
"2A71BA9DEA99BC1F7C104BAEC671EC7EFF8BFF969BB8D346DB4C3352A4699DC3",
True))
out = key.exportpriv()
if pyver > 2:
out = out.encode("ascii")
self.assertEqual(dump_key(out), dump_key(self.ec1priv))
if pyver == 2:
self.assertEqual(str(key), dump_pub_key(self.ec1priv))
else:
self.assertEqual(
str(key).encode("ascii"), dump_pub_key(self.ec1priv))
def test_certstack2(self):
stack = StackOfX509()
stack.append(X509(self.cert1))
stack.append(X509(self.ca_cert))
c = stack[1]
stack[1] = X509(self.digicert_cert)
self.assertEqual(len(stack), 2)
self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
u'DigiCert High Assurance EV CA-1')
with self.assertRaises(IndexError):
stack[-1] = c
with self.assertRaises(IndexError):
stack[3] = c
with self.assertRaises(TypeError):
stack[0] = self.cert1
with self.assertRaises(TypeError):
stack.append(self.cert1)
def __getitem__(self, key):
if isinstance(key, Oid):
# Return first matching field
idx = libcrypto.X509_NAME_get_index_by_NID(self.ptr, key.nid, -1)
if idx < 0:
raise KeyError("Key not found " + str(Oid))
entry = libcrypto.X509_NAME_get_entry(self.ptr, idx)
value = libcrypto.X509_NAME_ENTRY_get_data(entry)
bio = Membio()
libcrypto.ASN1_STRING_print_ex(bio.bio, value, self.PRINT_FLAG)
return chartype(bio)
elif isinstance(key, inttype):
# Return OID, string tuple
entry = libcrypto.X509_NAME_get_entry(self.ptr, key)
if entry is None:
raise IndexError("name entry index out of range")
oid = Oid.fromobj(libcrypto.X509_NAME_ENTRY_get_object(entry))
value = libcrypto.X509_NAME_ENTRY_get_data(entry)
bio = Membio()
libcrypto.ASN1_STRING_print_ex(bio.bio, value, self.PRINT_FLAG)
return (oid, chartype(bio))
else:
raise TypeError("X509 NAME can be indexed by Oids or integers only")
def CMS(data, format="PEM"):
"""
Parses CMS data and returns either SignedData or EnvelopedData
object
"""
bio = Membio(data)
if format == "PEM":
ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None)
else:
ptr = libcrypto.d2i_CMS_bio(bio.bio, None)
if ptr is None:
raise CMSError("Error parsing CMS data")
typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr)))
if typeoid.shortname() == "pkcs7-signedData":
return SignedData(ptr)
elif typeoid.shortname() == "pkcs7-envelopedData":
return EnvelopedData(ptr)
elif typeoid.shortname() == "pkcs7-encryptedData":
return EncryptedData(ptr)
else:
raise NotImplementedError("cannot handle " + typeoid.shortname())
def test_extension_oid(self):
cert = X509(self.cert1)
ext = cert.extensions[0]
ext_id = ext.oid
self.assertTrue(isinstance(ext_id, Oid))
self.assertEqual(ext_id, Oid('basicConstraints'))
def test_subjectfieldindex(self):
c = X509(self.cert1)
self.assertEqual(repr(c.subject[0]), repr((Oid('C'), u'RU')))
def test_subjectbadsubfield(self):
c = X509(self.cert1)
with self.assertRaises(KeyError):
x = c.subject[Oid("streetAddress")]
def test_subjectmodify(self):
c = X509(self.cert1)
with self.assertRaises(ValueError):
c.subject[Oid("CN")] = u'Foo'
with self.assertRaises(ValueError):
del c.subject[Oid('CN')]
def test_hmac_byoid(self):
d = MAC(Oid('hmac'), key=b'1234' * 4)
d.update(b'The Quick brown fox jumps over the lazy dog\n')
self.assertEqual(d.name, 'hmac-md5')
self.assertEqual(d.hexdigest(), 'A9C16D91CDF2A99273B72336D0D16B56')
def test_bignum(self):
keyval = '\xff' * 32
key = create(Oid("secp256k1"), keyval)
self.assertEqual(key.exportpriv(), self.bigkey)
def test_wrongtype(self):
with self.assertRaises(TypeError):
o=Oid([2,5,3,4])
def oid(self):
"Returns OID of the extension"
return Oid.fromobj(self.ptr[0].object)
def oid(self):
"""
Returns ASN.1 object identifier of the cipher as
ctypescrypto.oid.Oid object
"""
return Oid(libcrypto.EVP_CIPHER_nid(self.cipher))
def test_fromunicode(self): o=Oid(u'commonName') self.assertEqual(o.shortname(),'CN')
def test_extenson_find(self):
cert = X509(self.cert1)
exts = cert.extensions.find(Oid('subjectAltName'))
self.assertEqual(len(exts), 1)
self.assertEqual(exts[0].oid, Oid('subjectAltName'))
def test_mac_wrongtype(self):
with self.assertRaises(TypeError):
d = MAC(Oid('hmac').nid, key=b'1234' * 4)
def test_wrongnid(self):
with self.assertRaises(ValueError):
o=Oid(9999999)
class MAC(Digest):
"""
This object represents MAC context. It is quite simular
to digest algorithm. It is simular to hmac objects provided
by standard library
"""
def __init__(self,algorithm,key,digest=None,**kwargs):
"""
Constructor has to obligatory arguments:
@param algorithm - which is name of MAC algorithm i.e 'hmac' or
'gost-mac' or equivalent Oid object
@param key - byte buffer with key.
Optional parameters are:
digest - Oid or name of the digest algorithm to use. If none
specified, OpenSSL will try to derive one from the MAC
algorithm (or if algorithm is hmac, we'll substititute md5
for compatibility with standard hmac module
any other keyword argument is passed to EVP_PKEY_CTX as string
option.
"""
if isinstance(algorithm,str):
self.algorithm=Oid(algorithm)
elif isinstance(algorithm,Oid):
self.algorithm=algorithm
else:
raise TypeError("Algorthm must be string or Oid")
if self.algorithm==Oid('hmac') and digest is None:
digest='md5'
self.name=self.algorithm.shortname().lower()
if digest is not None:
self.digest_type=DigestType(digest)
self.name+='-'+self.digest_type.digest_name
d=self.digest_type.digest
else:
self.digest_type=None
d=None
self.key=libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid,None,key,len(key))
if self.key is None:
raise DigestError("EVP_PKEY_new_mac_key")
pctx=c_void_p()
self.ctx = libcrypto.EVP_MD_CTX_create()
if self.ctx == 0:
raise DigestError("Unable to create digest context")
if libcrypto.EVP_DigestSignInit(self.ctx,pointer(pctx),d,None,self.key) <= 0:
raise DigestError("Unable to intialize digest context")
self.digest_finalized=False
if self.digest_type is None:
self.digest_type=DigestType(Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx))))
for (name,val) in kwargs.items():
if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx,name,val)<=0:
raise DigestError("Unable to set mac parameter")
self.digest_size = self.digest_type.digest_size()
self.block_size = self.digest_type.block_size()
def digest(self,data=None):
"""
Method digest is redefined to return keyed MAC value instead of
just digest.
"""
if data is not None:
self.update(data)
b=create_string_buffer(256)
size=c_size_t(256)
if libcrypto.EVP_DigestSignFinal(self.ctx,b,pointer(size))<=0:
raise DigestError('SignFinal')
self.digest_finalized=True
return b.raw[:size.value]
def oid(self): return Oid.fromobj(self.ptr[0].object)
