def test_vec0(self):
password = Bytes(b'password')
salt = Bytes(0x78578E5A5D63CB06)
expected_result = Bytes(0xDC19847E05C64D2FAF10EBFB4A3D2A20)
kdf = PBKDF1(SHA1().hash, 16, 1000)
self.assertEqual(kdf.derive(password, salt), expected_result)
def test_sha1(self):
sha1 = SHA1()
for i in range(9):
for _ in range(100):
in_bytes = Bytes.random(i * 32)
self.assertEqual(sha1.hash(in_bytes),
hashlib.sha1(in_bytes).digest())
def test_totp_correctness(self):
sha1, sha256, sha512 = SHA1(), SHA256(), SHA512()
sha1_seed = Bytes(0x3132333435363738393031323334353637383930)
sha256_seed = Bytes(
0x3132333435363738393031323334353637383930313233343536373839303132)
sha512_seed = Bytes(
0x31323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334
)
seed_dict = {sha1: sha1_seed, sha256: sha256_seed, sha512: sha512_seed}
expected_values = [(59, '94287082', sha1), (59, '46119246', sha256),
(59, '90693936', sha512),
(1111111109, '07081804', sha1),
(1111111109, '68084774', sha256),
(1111111109, '25091201', sha512),
(1111111111, '14050471', sha1),
(1111111111, '67062674', sha256),
(1111111111, '99943326', sha512),
(1234567890, '89005924', sha1),
(1234567890, '91819424', sha256),
(1234567890, '93441116', sha512)]
for request_time, expected_code, hash_obj in expected_values:
hotp = HOTP(key=seed_dict[hash_obj],
digits=8,
counter=DummyCounter(request_time // 30),
hash_obj=hash_obj)
code = hotp.generate()
self.assertEqual(code, expected_code)
def test_vec20(self):
message = b'sample'
H = SHA1()
k = 0x882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4
r = 0x61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32
s = 0x6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB
self._run_256(message, H, k, (r, s))
def test_vec10(self):
message = b'sample'
H = SHA1()
k = 0x7EEFADD91110D8DE6C2C470831387C50D3357F7F4D477054B8B426BC
r = 0x22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC
s = 0x66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69
self._run_224(message, H, k, (r, s))
def test_vec15(self):
message = b'test'
H = SHA1()
k = 0x2519178F82C3F0E4F87ED5883A4E114E5B7A6E374043D8EFD329C253
r = 0xDEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C
s = 0x95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2
self._run_224(message, H, k, (r, s))
def test_vec0(self):
message = b'sample'
H = SHA1()
k = 0x37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021
r = 0x98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF
s = 0x57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64
self._run_192(message, H, k, (r, s))
def test_vec5(self):
message = b'test'
H = SHA1()
k = 0xD9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25
r = 0x0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D
s = 0xEB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7
self._run_192(message, H, k, (r, s))
def test_vec30(self):
message = b'sample'
H = SHA1()
k = 0x089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9
r = 0x0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D
s = 0x0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16
self._run_521(message, H, k, (r, s))
def test_vec35(self):
message = b'test'
H = SHA1()
k = 0x0BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222
r = 0x13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367
s = 0x1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF
self._run_521(message, H, k, (r, s))
class X509RSASigningAlgorithms(Enum):
sha1WithRSAEncryption = X509RSASignature('sha1WithRSAEncryption', SHA1())
sha224WithRSAEncryption = X509RSASignature('sha224WithRSAEncryption', SHA224())
sha256WithRSAEncryption = X509RSASignature('sha256WithRSAEncryption', SHA256())
sha384WithRSAEncryption = X509RSASignature('sha384WithRSAEncryption', SHA384())
sha512WithRSAEncryption = X509RSASignature('sha512WithRSAEncryption', SHA512())
sha512_224WithRSAEncryption = X509RSASignature('sha512-224WithRSAEncryption', SHA512(trunc=224))
sha512_256WithRSAEncryption = X509RSASignature('sha512-256WithRSAEncryption', SHA512(trunc=256))
def test_vec25(self):
message = b'test'
H = SHA1()
k = 0x8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E
r = 0x0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89
s = 0x01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1
self._run_256(message, H, k, (r, s))
def test_length_extension(self):
secret = b'mysecret'
message = b'mymessage'
for alg in [MD4(), MD5(), SHA1(), SHA256(), SHA512(), RIPEMD160()]:
observed = alg.hash(secret + message)
payload, new_hash = alg.length_extension(observed,
message, b'evilbytes!',
len(secret))
self.assertEqual(alg.hash(secret + payload), new_hash)
def test_vec4(self):
hash_obj = SHA1()
ikm = Bytes(0x0b0b0b0b0b0b0b0b0b0b0b)
salt = Bytes(0x000102030405060708090a0b0c).zfill(13)
info = Bytes(0xf0f1f2f3f4f5f6f7f8f9)
L = 42
okm = Bytes(
0x085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
)
self._run_test(hash_obj, L, ikm, salt, info, okm)
def __init__(self, modulus_len: int, mgf: FunctionType=MGF1, hash_obj: object=SHA1(), salt_len: int=8):
"""
Parameters:
modulus_len (int): Length of the RSA modulus, i.e. RSA bit strength.
mgf (func): Mask generation function. Takes in `seed` and `length` and returns bytes.
hash_obj (object): Instantiated object with compatible hash interface.
salt_len (int): Length of salt to generate if salt is not explicitly provided.
"""
self.modulus_len = modulus_len
self.mgf = mgf
self.hash_obj = hash_obj
self.salt_len = salt_len
def __init__(self, modulus_len: int, mgf: FunctionType=MGF1, hash_obj: object=SHA1(), label: bytes=b''):
"""
Parameters:
modulus_len (int): Length of the RSA modulus, i.e. RSA bit strength.
mgf (func): Mask generation function. Takes in `seed` and `length` and returns bytes.
hash_obj (object): Instantiated object with compatible hash interface.
label (bytes): (Optional) Arbitrary and application-specific 'label.'
"""
self.mgf = mgf
self.hash_obj = hash_obj
self.label = label
self.modulus_len = modulus_len
def __init__(self,
key: bytes,
hash_obj: object = SHA1(),
digits: int = 6,
counter: object = IncrementingCounter(0)):
"""
Parameters:
key (bytes): Shared key.
hash_obj (object): Instantiated hash object.
digits (int): Number of digits to generate.
counter (int): Initial counter.
"""
self.hmac = HMAC(key, hash_obj)
self.digits = digits
self.counter = counter
def MGF1(seed: bytes, length: int, hash_obj: object=SHA1()) -> Bytes:
"""
Peforms the mask generation function v1 from RFC3447 B.2.1.
Parameters:
seed (bytes): Initial value.
length (int): Length of mask to produce.
Returns:
Bytes: Mask.
"""
mask = b''
for i in range((length + hash_obj.digest_size - 1) // hash_obj.digest_size):
mask += hash_obj.hash(seed + Bytes(i).zfill(4))
return mask[:length]
def test_vec5(self):
hash_obj = SHA1()
ikm = Bytes(
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
).zfill(80)
salt = Bytes(
0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
)
info = Bytes(
0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
)
L = 82
okm = Bytes(
0x0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
)
self._run_test(hash_obj, L, ikm, salt, info, okm)
def _run_test(self, identity, password, salt, N, g, a, b, expected_A, expected_B, expected_v, expected_k):
hash_obj = SHA1()
server = SRPServer(N=N, g=g, b=b, hash_obj=hash_obj)
server.salt = salt
server.create_account(identity=identity, password=password)
# Create client
client = SRPClient(identity=identity, password=password, N=N, g=g, a=a, hash_obj=hash_obj)
# Execute authentication protocol
identity, A = client.make_request()
salt, B = server.respond_with_challenge(identity, A)
client_hash = client.perform_challenge(salt, B)
self.assertEqual(A, expected_A)
self.assertEqual(B, expected_B)
self.assertEqual(server.accounts[identity], expected_v)
self.assertEqual(server.k, expected_k)
self.assertEqual(client.k, expected_k)
self.assertTrue(server.check_challenge(identity, client_hash))
JWAContentEncryptionAlg.A192CBC_HS384:
JWA_ACBC_HS(SHA384()),
JWAContentEncryptionAlg.A256CBC_HS512:
JWA_ACBC_HS(SHA512()),
JWAContentEncryptionAlg.A128GCM:
JWA_AGCM(128),
JWAContentEncryptionAlg.A192GCM:
JWA_AGCM(192),
JWAContentEncryptionAlg.A256GCM:
JWA_AGCM(256),
# JWE Key-Encryption Algorithms
JWAKeyEncryptionAlg.RSA1_5:
JWA_RSA1_5(),
JWAKeyEncryptionAlg.RSA_OAEP:
JWA_RSA_OAEP(SHA1()),
JWAKeyEncryptionAlg.RSA_OAEP_256:
JWA_RSA_OAEP(SHA256()),
JWAKeyEncryptionAlg.A128KW:
JWA_AKW(),
JWAKeyEncryptionAlg.A192KW:
JWA_AKW(),
JWAKeyEncryptionAlg.A256KW:
JWA_AKW(),
JWAKeyEncryptionAlg.dir:
JWA_Dir(),
JWAKeyEncryptionAlg.ECDH_ES:
JWA_ECDH_ES(),
JWAKeyEncryptionAlg.ECDH_ES_plus_A128KW:
JWA_ECDH_ES_AKW(128),
JWAKeyEncryptionAlg.ECDH_ES_plus_A192KW:
class X509DSASigningAlgorithms(Enum):
id_dsa_with_sha1 = X509DSASignature('id-dsa-with-sha1', SHA1())
id_dsa_with_sha224 = X509DSASignature('id-dsa-with-sha224', SHA224())
id_dsa_with_sha256 = X509DSASignature('id-dsa-with-sha256', SHA256())
def encode(cls, pki_key: object, **kwargs):
# Algorithm ID
alg_oid = cls.ALG_OID if type(
cls.ALG_OID) is str else cls.ALG_OID(pki_key)
alg_id = rfc2459.AlgorithmIdentifier()
alg_id['algorithm'] = ObjectIdentifier(alg_oid)
if cls.PARAM_ENCODER:
alg_id['parameters'] = Any(
encoder.encode(cls.PARAM_ENCODER.encode(pki_key)))
# Serial number
serial_num = rfc2459.CertificateSerialNumber(
kwargs.get('serial_number') or 0)
# Validity (time valid)
not_before = kwargs.get('not_before') or datetime.now()
not_after = kwargs.get('not_after') or not_before.replace(
year=not_before.year + 1)
validity = rfc2459.Validity()
validity['notBefore'] = rfc2459.Time()
validity['notBefore']['utcTime'] = UTCTime.fromDateTime(not_before)
validity['notAfter'] = rfc2459.Time()
validity['notAfter']['utcTime'] = UTCTime.fromDateTime(not_after)
# Public key serialization
pub_info = rfc2459.SubjectPublicKeyInfo()
pub_info['algorithm'] = alg_id
pub_info['subjectPublicKey'] = cls.PUB_KEY_ENCODER.encode(pki_key)
# Issuer RDN
issuer = rfc2459.Name()
issuer.setComponentByPosition(
0, parse_rdn(kwargs.get('issuer') or 'CN=ca'))
# Subject RDN
subject = rfc2459.Name()
subject.setComponentByPosition(
0, parse_rdn(kwargs.get('subject') or 'CN=ca'))
# Signature algorithm
signing_key = kwargs.get('signing_key') or pki_key
if not (kwargs.get('signing_alg')
or hasattr(signing_key, "X509_SIGNING_DEFAULT")):
raise ValueError(
"'signing_alg' not specified and 'signing_key' has no default algorithm"
)
signing_alg = (kwargs.get('signing_alg')
or signing_key.X509_SIGNING_DEFAULT).value
signature_alg = rfc2459.AlgorithmIdentifier()
signature_alg['algorithm'] = SIGNING_ALG_OIDS[signing_alg.name]
if cls.PARAM_ENCODER:
signature_alg['parameters'] = Any(
encoder.encode(cls.PARAM_ENCODER.encode(pki_key)))
# Extensions
extensions = rfc2459.Extensions().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))
if kwargs.get('ca') and kwargs.get('ca') == True:
# SKI
pkey_bytes = Bytes(int(pub_info['subjectPublicKey']))
ski_ext = rfc2459.Extension()
ski_ext['extnID'] = ObjectIdentifier([2, 5, 29, 14])
ski_ext['extnValue'] = OctetString(
encoder.encode(
rfc2459.SubjectKeyIdentifier(SHA1().hash(pkey_bytes))))
# CA basic constraint
ca_value = rfc2459.BasicConstraints()
ca_value.setComponentByName('cA', True)
ca_ext = rfc2459.Extension()
ca_ext.setComponentByName('extnID', '2.5.29.19')
ca_ext.setComponentByName('critical', True)
ca_ext.setComponentByName('extnValue',
OctetString(encoder.encode(ca_value)))
extensions.setComponentByPosition(0, ski_ext)
extensions.setComponentByPosition(1, ca_ext)
# Put together the TBSCert
tbs_cert = rfc2459.TBSCertificate()
tbs_cert['version'] = 2
tbs_cert['serialNumber'] = serial_num
tbs_cert['signature'] = signature_alg
tbs_cert['issuer'] = issuer
tbs_cert['validity'] = validity
tbs_cert['subject'] = subject
tbs_cert['subjectPublicKeyInfo'] = pub_info
tbs_cert['issuerUniqueID'] = kwargs.get('issuer_unique_id') or 10
tbs_cert['subjectUniqueID'] = kwargs.get('subject_unique_id') or 11
if len(extensions):
tbs_cert['extensions'] = extensions
# Inject or compute the TBSCert signature
if kwargs.get('signature_value') is not None:
sig_value = Bytes.wrap(kwargs.get('signature_value')).int()
else:
encoded_tbs = encoder.encode(tbs_cert,
asn1Spec=rfc2459.TBSCertificate())
sig_value = signing_alg.sign(signing_key, encoded_tbs)
# Build the Cert object
cert = rfc2459.Certificate()
cert['tbsCertificate'] = tbs_cert
cert['signatureAlgorithm'] = signature_alg
cert['signatureValue'] = sig_value
encoded = encoder.encode(cert, asn1Spec=rfc2459.Certificate())
return X509Certificate.transport_encode(encoded, **kwargs)
