def testC04DSAv4UID(self):
"crypto.signature: verify_DSA() v4 user ID by hand"
keypkt, uidpkt, sigpkt = list_pkts(dsapubkey_d)[:3]
# two octet primary key length (packet body)
keylen = int2quadoct(keypkt.length.size)[-2:]
# four octet user ID length (packet body)
uidlen = int2quadoct(uidpkt.length.size)
context = sha.new('\x99'+keylen+keypkt.body._d+'\xb4'+uidlen+uidpkt.body._d+sigpkt.body.hashed_data).digest()
sigtup = (sigpkt.body.DSA_r.value, sigpkt.body.DSA_s.value)
keytup = (keypkt.body.DSA_y.value, keypkt.body.DSA_g.value, keypkt.body.DSA_p.value, keypkt.body.DSA_q.value)
self.assertEqual(1, verify_DSA(context, sigtup, keytup))
def testC05DSAv4Subkey(self):
"crypto.signature: verify_DSA() v4 subkey by hand"
pkts = list_pkts(dsapubkey_d)
keypkt, subkeypkt, sigpkt = pkts[0], pkts[3], pkts[4]
# two octet primary key length (packet body)
keylen = int2quadoct(keypkt.length.size)[-2:]
# two octet subkey length (packet body)
subkeylen = int2quadoct(subkeypkt.length.size)[-2:]
context = sha.new('\x99'+keylen+keypkt.body._d+'\x99'+subkeylen+subkeypkt.body._d+sigpkt.body.hashed_data).digest()
sigtup = (sigpkt.body.DSA_r.value, sigpkt.body.DSA_s.value)
keytup = (keypkt.body.DSA_y.value, keypkt.body.DSA_g.value, keypkt.body.DSA_p.value, keypkt.body.DSA_q.value)
self.assertEqual(1, verify_DSA(context, sigtup, keytup))
def testC04DSAv4UID(self):
"crypto.signature: verify_DSA() v4 user ID by hand"
keypkt, uidpkt, sigpkt = list_pkts(dsapubkey_d)[:3]
# two octet primary key length (packet body)
keylen = int2quadoct(keypkt.length.size)[-2:]
# four octet user ID length (packet body)
uidlen = int2quadoct(uidpkt.length.size)
context = sha.new('\x99' + keylen + keypkt.body._d + '\xb4' + uidlen +
uidpkt.body._d + sigpkt.body.hashed_data).digest()
sigtup = (sigpkt.body.DSA_r.value, sigpkt.body.DSA_s.value)
keytup = (keypkt.body.DSA_y.value, keypkt.body.DSA_g.value,
keypkt.body.DSA_p.value, keypkt.body.DSA_q.value)
self.assertEqual(1, verify_DSA(context, sigtup, keytup))
def testC07SubkeyRevocation(self):
"crypto.signature: verify_DSA() subkey revocation by hand"
d = read_test_file(['pgpfiles','key','DSAELG2.subkeyrevoc.gpg'])
keymsg = list_msgs(list_pkts(d))[0]
revblock = keymsg._b_subkeys['90AFB828686B6E9A'] # known revoked block
key = keymsg._b_primary.leader
sig = revblock.local_bindings[0]
subkey = revblock.leader
l1 = int2quadoct(len(key.body._d))[-2:]
l2 = int2quadoct(len(subkey.body._d))[-2:]
context = sha.new('\x99'+l1+key.body._d+'\x99'+l2+subkey.body._d+sig.body.hashed_data).digest()
sigtup = (sig.body.DSA_r.value, sig.body.DSA_s.value)
keytup = (key.body.DSA_y.value, key.body.DSA_g.value, key.body.DSA_p.value, key.body.DSA_q.value)
self.assertEqual(1, verify_DSA(context, sigtup, keytup))
def testC05DSAv4Subkey(self):
"crypto.signature: verify_DSA() v4 subkey by hand"
pkts = list_pkts(dsapubkey_d)
keypkt, subkeypkt, sigpkt = pkts[0], pkts[3], pkts[4]
# two octet primary key length (packet body)
keylen = int2quadoct(keypkt.length.size)[-2:]
# two octet subkey length (packet body)
subkeylen = int2quadoct(subkeypkt.length.size)[-2:]
context = sha.new('\x99' + keylen + keypkt.body._d + '\x99' +
subkeylen + subkeypkt.body._d +
sigpkt.body.hashed_data).digest()
sigtup = (sigpkt.body.DSA_r.value, sigpkt.body.DSA_s.value)
keytup = (keypkt.body.DSA_y.value, keypkt.body.DSA_g.value,
keypkt.body.DSA_p.value, keypkt.body.DSA_q.value)
self.assertEqual(1, verify_DSA(context, sigtup, keytup))
def testC07SubkeyRevocation(self):
"crypto.signature: verify_DSA() subkey revocation by hand"
d = read_test_file(['pgpfiles', 'key', 'DSAELG2.subkeyrevoc.gpg'])
keymsg = list_msgs(list_pkts(d))[0]
revblock = keymsg._b_subkeys['90AFB828686B6E9A'] # known revoked block
key = keymsg._b_primary.leader
sig = revblock.local_bindings[0]
subkey = revblock.leader
l1 = int2quadoct(len(key.body._d))[-2:]
l2 = int2quadoct(len(subkey.body._d))[-2:]
context = sha.new('\x99' + l1 + key.body._d + '\x99' + l2 +
subkey.body._d + sig.body.hashed_data).digest()
sigtup = (sig.body.DSA_r.value, sig.body.DSA_s.value)
keytup = (key.body.DSA_y.value, key.body.DSA_g.value,
key.body.DSA_p.value, key.body.DSA_q.value)
self.assertEqual(1, verify_DSA(context, sigtup, keytup))
def __set_v4(self, created=0):
d = []
d.append('\x04')
if 0 != created:
d.append(STN.int2quadoct(created))
else: # TODO for the time being
d.append('?\n0\xef')
return ''.join(d)
def __set_v4(self, created=0):
d = []
d.append('\x04')
if 0 != created:
d.append(STN.int2quadoct(created))
else: # TODO for the time being
d.append('?\n0\xef')
return ''.join(d)
def create_NewLength(length, partial=False):
"""Create a NewLength instance.
:Parameters:
- `length`: integer octet count of corresponding packet body
- `partial`: optional True or False (default False), whether
or not this is a partial length
:Returns: `OpenPGP.packet.NewLength` instance
"""
if length < 192:
return NewLength(chr(length))
elif 192 <= length < 8383:
return NewLength(STN.int2doubleoct(length))
elif length <= 4294967295: # five oct header
return NewLength('\xff' + STN.int2quadoct(length))
else:
raise PGPFormatError("Subpacket value exceeded maximum size.")
def create_NewLength(length, partial=False):
"""Create a NewLength instance.
:Parameters:
- `length`: integer octet count of corresponding packet body
- `partial`: optional True or False (default False), whether
or not this is a partial length
:Returns: `OpenPGP.packet.NewLength` instance
"""
if length < 192:
return NewLength(chr(length))
elif 192 <= length < 8383:
return NewLength(STN.int2doubleoct(length))
elif length <= 4294967295: # five oct header
return NewLength('\xff' + STN.int2quadoct(length))
else:
raise PGPFormatError("Subpacket value exceeded maximum size.")
def hash_context(version, hashalg, sigtype, sigcontext, target, primary):
"""Perform the signature hash.
:Parameters:
- `version`: int signature version
- `hashalg`: int hash code
- `sigtype`: int signature type
- `sigcontext`: read()-able instance
- `target`: "appropriate" target (packet, message, etc..)
- `primary`: primary key packet
:Returns: string message hash
"""
context = StringIO()
if primary:
# verify secret key bindings w/ only public portion of the key
if primary.tag.type in [PKT_PRIVATEKEY, PKT_PRIVATESUBKEY]:
primary_body_d = primary.body._d[:primary.body._private_idx]
else:
primary_body_d = primary.body._d
# calc spliced length by hand, get double oct representation
primary_body_d_len = STN.int2quadoct(len(primary_body_d))[-2:]
if sigtype in [SIG_BINARY, SIG_TEXT]:
if hasattr(target, 'literals'): # literal message exception
data = ''.join([x.body.data for x in target.literals])
elif target:
try: # ..to use the data that comprises the message
data = target.rawstr()
except AttributeError:
data = str(target)
else:
raise NotImplementedError("Invalid signature target.")
if SIG_TEXT == sigtype: # normalize, canonicalize, and strip
data = data.replace('\r\n', '\n').replace('\n', '\r\n').strip()
context.write(data)
## user ID sigs ..woulda thought cert revocs were on sig pkts
elif sigtype in [SIG_GENERIC, SIG_PERSONA, SIG_CASUAL, SIG_POSITIVE,
SIG_CERTREVOC]:
userpkt = target # user ID or user attribute packet
context.write('\x99')
context.write(primary_body_d_len) # bind primary
context.write(primary_body_d) # len & str
if version in [2, 3]:
pass
elif 4 == version:
if PKT_USERID == userpkt.tag.type: # header
context.write('\xb4')
elif PKT_USERATTR == userpkt.tag.type:
context.write('\xd1')
elif PKT_SIGNATURE == userpkt.tag.type:
raise NotImplementedError("Signature revocation(?) in a quandry.")
else:
raise NotImplementedError("Certifications only for user ID/attribute?")
context.write(STN.int2quadoct(userpkt.length.size)) # length
context.write(userpkt.body._d) # data
## key packet sigs
elif sigtype in [SIG_SUBKEYBIND, SIG_SUBKEYREVOC, SIG_DIRECT]:
keypkt = target # target key pkt, primary or otherwise
if primary and primary != keypkt: # explicit primary (prevent doubles)
context.write('\x99')
context.write(primary_body_d_len)
context.write(primary_body_d)
# verify secret key bindings with only public portion of the key
if keypkt.tag.type in [PKT_PRIVATEKEY, PKT_PRIVATESUBKEY]:
keypkt_body_d = keypkt.body._d[:keypkt.body._private_idx]
else:
keypkt_body_d = keypkt.body._d
context.write('\x99')
context.write(STN.int2quadoct(len(keypkt_body_d))[-2:])
context.write(keypkt_body_d)
elif SIG_KEYREVOC == sigtype:
context.write(target.rawstr()) # the key (packet) being revoked
## weird sigs
elif SIG_STANDALONE == sigtype:
raise NotImplementedError, "Haven't got around to SIG_STANDALONE"
elif SIG_TIMESTAMP == sigtype:
raise NotImplementedError, "Haven't got around to SIG_TIMESTAMP"
elif SIG_THIRDPARTY == sigtype:
raise NotImplementedError, "Haven't got around to SIG_THIRDPARTY"
else:
raise NotImplementedError, "Signature type->(%s) is not supported" % sigtype
context.write(sigcontext.read())
context.seek(0)
try:
if hashalg == HASH_MD5:
import md5
hashed_target = md5.new(context.read()).digest()
elif hashalg == HASH_SHA1:
import sha
hashed_target = sha.new(context.read()).digest()
else:
raise NotImplementedError, "Unsupported signature hash algorithm->(%s)" % hashalg
finally:
context.close()
return hashed_target
if 3 == version: ################### v3
ctx_write(int2str(sigtype)[0]) # signature type
ctx_write(int2str(kwords['created'])[:4]) # creation timestamp
elif 4 == version: ################### v4
ctx_write('\x04') # version
ctx_write(int2str(sigtype)[0]) # signature type
ctx_write(int2str(keyalg)[0]) # public key alg
ctx_write(int2str(hashalg)[0]) # hash algorithm
subhash = ''.join([x._d for x in hashed_subpkts])
ctx_write(STN.prepad(2, int2str(len(subhash)))) # hashed len
ctx_write(subhash) # hashed subpkts
ctx_len = ctx.tell()
ctx_write('\x04\xff') # start trailer
ctx_write(STN.int2quadoct(ctx_len)[-4:]) # hashed data length
else:
raise NotImplementedError("Signature version->(%s) is not supported." % version)
ctx.seek(0)
ctx_hash = hash_context(version, hashalg, sigtype, ctx, target, primary)
ctx.close()
if keyalg in [ASYM_RSA_S, ASYM_RSA_EOS]:
ctx_hash = pad_rsa(hashalg, ctx_hash, signer.body.RSA_n.bit_length)
keytup = signer.body.RSA_n.value, seckey
sigtup = sign_RSA(ctx_hash, keytup), # coerce tuple for sigtup-ling
elif ASYM_ELGAMAL_EOS == keyalg:
keytup = signer.body.ELGAMAL_p.value, signer.body.ELGAMAL_g.value, seckey
def testC4Inversion(self):
"""strnum: number to string inversion (int2quadoct/str2int())"""
for o in self.good_nums:
self.assertEqual(o[0], str2int(int2quadoct(o[0])))
def testC0TranslationN2Q(self):
"""strnum: int2quadoct output"""
for v in self.good_nums:
self.assertEqual(v[1], int2quadoct(v[0]))
def testC4Inversion(self):
"""strnum: number to string inversion (int2quadoct/str2int())"""
for o in self.good_nums:
self.assertEqual(o[0], str2int(int2quadoct(o[0])))
def testC0TranslationN2Q(self):
"""strnum: int2quadoct output"""
for v in self.good_nums:
self.assertEqual(v[1], int2quadoct(v[0]))
