def testEncode1(self): # Empty sequence der = DerOctetString() self.assertEquals(encode(), b('\x04\x00')) # Small payload der.payload = b('\x01\x02') self.assertEquals(encode(), b('\x04\x02\x01\x02'))
def testEncode2(self): # Multi-byte integers # Value 128 der = DerInteger(128) self.assertEquals(encode(), b('\x02\x02\x00\x80')) # Value 0x180 der = DerInteger(0x180) self.assertEquals(encode(), b('\x02\x02\x01\x80')) # One very long integer der = DerInteger(2**2048) self.assertEquals( encode(), b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
def testEncode6(self): # Two positive integers der = DerSequence() der.append(0x180) der.append(0xFF) self.assertEquals(encode(), b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff')) self.failUnless(der.hasOnlyInts()) self.failUnless(der.hasOnlyInts(False)) # Two mixed integers der = DerSequence() der.append(2) der.append(-2) self.assertEquals(encode(), b('0\x06\x02\x01\x02\x02\x01\xFE')) self.assertEquals(der.hasInts(), 1) self.assertEquals(der.hasInts(False), 2) self.failIf(der.hasOnlyInts()) self.failUnless(der.hasOnlyInts(False)) # der.append(0x01) der[1:] = [9, 8] self.assertEquals(len(der), 3) self.assertEqual(der[1:], [9, 8]) self.assertEqual(der[1:-1], [9]) self.assertEquals(encode(), b('0\x09\x02\x01\x02\x02\x01\x09\x02\x01\x08'))
def testEncode1(self): der = DerObjectId('1.2.840.113549.1.1.1') self.assertEquals(encode(), b('\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01')) # der = DerObjectId() der.value = '1.2.840.113549.1.1.1' self.assertEquals(encode(), b('\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01'))
def testObjEncode4(self): # Implicit tags (constructed) der = DerObject(0x10, implicit=1, constructed=True) der.payload = b('ppll') self.assertEquals(encode(), b('\xa1\x04ppll')) # Implicit tags (primitive) der = DerObject(0x02, implicit=0x1E, constructed=False) der.payload = b('ppll') self.assertEquals(encode(), b('\x9E\x04ppll'))
def testEncode2(self): # Two integers der = DerSetOf() der.add(0x180) der.add(0xFF) self.assertEquals(encode(), b('1\x08\x02\x02\x00\xff\x02\x02\x01\x80')) # Initialize with integers der = DerSetOf([0x180, 0xFF]) self.assertEquals(encode(), b('1\x08\x02\x02\x00\xff\x02\x02\x01\x80'))
def testEncode1(self): # Empty set der = DerSetOf() self.assertEquals(encode(), b('1\x00')) # One single-byte integer (zero) der.add(0) self.assertEquals(encode(), b('1\x03\x02\x01\x00')) # Invariant self.assertEquals(encode(), b('1\x03\x02\x01\x00'))
def testEncode3(self): # Negative integers # Value -1 der = DerInteger(-1) self.assertEquals(encode(), b('\x02\x01\xFF')) # Value -128 der = DerInteger(-128) self.assertEquals(encode(), b('\x02\x01\x80')) # Value der = DerInteger(-87873) self.assertEquals(encode(), b('\x02\x03\xFE\xA8\xBF'))
def testEncode1(self): # Single-byte integers # Value 0 der = DerInteger(0) self.assertEquals(encode(), b('\x02\x01\x00')) # Value 1 der = DerInteger(1) self.assertEquals(encode(), b('\x02\x01\x01')) # Value 127 der = DerInteger(127) self.assertEquals(encode(), b('\x02\x01\x7F'))
def testEncode1(self): # Empty sequence der = DerBitString() self.assertEquals(encode(), b('\x03\x01\x00')) # Small payload der = DerBitString(b('\x01\x02')) self.assertEquals(encode(), b('\x03\x03\x00\x01\x02')) # Small payload der = DerBitString() der.value = b('\x01\x02') self.assertEquals(encode(), b('\x03\x03\x00\x01\x02'))
def test_expected_only_integers(self): der_bin1 = encode() der_bin2 = encode() DerSequence().decode(der_bin1, only_ints_expected=True) DerSequence().decode(der_bin1, only_ints_expected=False) DerSequence().decode(der_bin2, only_ints_expected=False) self.assertRaises(ValueError, DerSequence().decode, der_bin2, only_ints_expected=True)
def testEncode1(self): # Empty sequence der = DerSequence() self.assertEquals(encode(), b('0\x00')) self.failIf(der.hasOnlyInts()) # One single-byte integer (zero) der.append(0) self.assertEquals(encode(), b('0\x03\x02\x01\x00')) self.assertEquals(der.hasInts(), 1) self.assertEquals(der.hasInts(False), 1) self.failUnless(der.hasOnlyInts()) self.failUnless(der.hasOnlyInts(False)) # Invariant self.assertEquals(encode(), b('0\x03\x02\x01\x00'))
def testEncode2(self): # Indexing der = DerSequence() der.append(0) der[0] = 1 self.assertEquals(len(der), 1) self.assertEquals(der[0], 1) self.assertEquals(der[-1], 1) self.assertEquals(encode(), b('0\x03\x02\x01\x01')) # der[:] = [1] self.assertEquals(len(der), 1) self.assertEquals(der[0], 1) self.assertEquals(encode(), b('0\x03\x02\x01\x01'))
def _export_private_der(self, include_ec_params=True): assert self.has_private() # ECPrivateKey ::= SEQUENCE { # version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), # privateKey OCTET STRING, # parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, # publicKey [1] BIT STRING OPTIONAL # } # Public key - uncompressed form modulus_bytes = self.pointQ.size_in_bytes() public_key = (b'\x04' + self.pointQ.x.to_bytes(modulus_bytes) + self.pointQ.y.to_bytes(modulus_bytes)) seq = [ 1, DerOctetString(self.d.to_bytes(modulus_bytes)), DerObjectId(self._curve.oid, explicit=0), DerBitString(public_key, explicit=1) ] if not include_ec_params: del seq[2] return encode()
def testEncode4(self): # One very long integer der = DerSequence() der.append(2**2048) self.assertEquals( encode(), b('0\x82\x01\x05') + b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
def testObjEncode1(self): # No payload der = DerObject(b('\x02')) self.assertEquals(encode(), b('\x02\x00')) # Small payload (primitive) der.payload = b('\x45') self.assertEquals(encode(), b('\x02\x01\x45')) # Invariant self.assertEquals(encode(), b('\x02\x01\x45')) # Initialize with numerical tag der = DerObject(0x04) der.payload = b('\x45') self.assertEquals(encode(), b('\x04\x01\x45')) # Initialize with constructed type der = DerObject(b('\x10'), constructed=True) self.assertEquals(encode(), b('\x30\x00'))
def testEncode7(self): # One integer and another type (already encoded) der = DerSequence() der.append(0x180) der.append(b('0\x03\x02\x01\x05')) self.assertEquals(encode(), b('0\x09\x02\x02\x01\x800\x03\x02\x01\x05')) self.failIf(der.hasOnlyInts())
def testEncode8(self): # One integer and another type (yet to encode) der = DerSequence() der.append(0x180) der.append(DerSequence([5])) self.assertEquals(encode(), b('0\x09\x02\x02\x01\x800\x03\x02\x01\x05')) self.failIf(der.hasOnlyInts())
def _generate_cache_key(request, method, headerlist, key_prefix): """Return a cache key from the headers given in the header list.""" ctx = hashlib.md5() for header in headerlist: value = request.META if value is not None: ctx.update(value.encode()) url = hashlib.md5(encode('ascii')) cache_key = 'views.decorators.cache.cache_page.%s.%s.%s.%s' % ( key_prefix, method, url.hexdigest(), ctx.hexdigest()) return _i18n_cache_key_suffix(request, cache_key)
def test_expected_nr_elements(self): der_bin = encode() DerSequence().decode(der_bin, nr_elements=3) DerSequence().decode(der_bin, nr_elements=(2, 3)) self.assertRaises(ValueError, DerSequence().decode, der_bin, nr_elements=1) self.assertRaises(ValueError, DerSequence().decode, der_bin, nr_elements=(4, 5))
def sign(self, msg_hash): """Produce the DSA/ECDSA signature of a message. :parameter msg_hash: The hash that was carried out over the message. The object belongs to the :mod:`Crypto.Hash` package. Under mode *'fips-186-3'*, the hash must be a FIPS approved secure hash (SHA-1 or a member of the SHA-2 family), of cryptographic strength appropriate for the DSA key. For instance, a 3072/256 DSA key can only be used in combination with SHA-512. :type msg_hash: hash object :return: The signature as a *byte string* :raise ValueError: if the hash algorithm is incompatible to the (EC)DSA key :raise TypeError: if the (EC)DSA key has no private half """ if not self._valid_hash(msg_hash): raise ValueError("Hash is not sufficiently strong") # Generate the nonce k (critical!) nonce = self._compute_nonce(msg_hash) # Perform signature using the raw API z = Integer.from_bytes(msg_hash.digest()[:self._order_bytes]) sig_pair = self._key._sign(z, nonce) # Encode the signature into a single byte string if self._encoding == 'binary': output = b"".join([long_to_bytes(x, self._order_bytes) for x in sig_pair]) else: # Dss-sig ::= SEQUENCE { # r OCTET STRING, # s OCTET STRING # } output = encode() return output
def export_key(self, format='PEM', passphrase=None, pkcs=1, protection=None, randfunc=None): """Export this RSA key. Args: format (string): The format to use for wrapping the key: - *'PEM'*. (*Default*) Text encoding, done according to `RFC1421`_/`RFC1423`_. - *'DER'*. Binary encoding. - *'OpenSSH'*. Textual encoding, done according to OpenSSH specification. Only suitable for public keys (not private keys). passphrase (string): (*For private keys only*) The pass phrase used for protecting the output. pkcs (integer): (*For private keys only*) The ASN.1 structure to use for serializing the key. Note that even in case of PEM encoding, there is an inner ASN.1 DER structure. With ``pkcs=1`` (*default*), the private key is encoded in a simple `PKCS#1`_ structure (``RSAPrivateKey``). With ``pkcs=8``, the private key is encoded in a `PKCS#8`_ structure (``PrivateKeyInfo``). .. note:: This parameter is ignored for a public key. For DER and PEM, an ASN.1 DER ``SubjectPublicKeyInfo`` structure is always used. protection (string): (*For private keys only*) The encryption scheme to use for protecting the private key. If ``None`` (default), the behavior depends on :attr:`format`: - For *'DER'*, the *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC* scheme is used. The following operations are performed: 1. A 16 byte Triple DES key is derived from the passphrase using :func:`Crypto.Protocol.KDF.PBKDF2` with 8 bytes salt, and 1 000 iterations of :mod:`Crypto.Hash.HMAC`. 2. The private key is encrypted using CBC. 3. The encrypted key is encoded according to PKCS#8. - For *'PEM'*, the obsolete PEM encryption scheme is used. It is based on MD5 for key derivation, and Triple DES for encryption. Specifying a value for :attr:`protection` is only meaningful for PKCS#8 (that is, ``pkcs=8``) and only if a pass phrase is present too. The supported schemes for PKCS#8 are listed in the :mod:`Crypto.IO.PKCS8` module (see :attr:`wrap_algo` parameter). randfunc (callable): A function that provides random bytes. Only used for PEM encoding. The default is :func:`Crypto.Random.get_random_bytes`. Returns: byte string: the encoded key Raises: ValueError:when the format is unknown or when you try to encrypt a private key with *DER* format and PKCS#1. .. warning:: If you don't provide a pass phrase, the private key will be exported in the clear! .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt """ if passphrase is not None: passphrase = tobytes(passphrase) if randfunc is None: randfunc = Random.get_random_bytes if format == 'OpenSSH': e_bytes, n_bytes = [x.to_bytes() for x in (self._e, self._n)] if bord(e_bytes[0]) & 0x80: e_bytes = b'\x00' + e_bytes if bord(n_bytes[0]) & 0x80: n_bytes = b'\x00' + n_bytes keyparts = [b'ssh-rsa', e_bytes, n_bytes] keystring = b''.join( [struct.pack(">I", len(kp)) + kp for kp in keyparts]) return b'ssh-rsa ' + binascii.b2a_base64(keystring)[:-1] # DER format is always used, even in case of PEM, which simply # encodes it into BASE64. if self.has_private(): binary_key = encode() if pkcs == 1: key_type = 'RSA PRIVATE KEY' if format == 'DER' and passphrase: raise ValueError("PKCS#1 private key cannot be encrypted") else: # PKCS#8 if format == 'PEM' and protection is None: key_type = 'PRIVATE KEY' binary_key = PKCS8.wrap(binary_key, oid, None) else: key_type = 'ENCRYPTED PRIVATE KEY' if not protection: protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC' binary_key = PKCS8.wrap(binary_key, oid, passphrase, protection) passphrase = None else: key_type = "PUBLIC KEY" binary_key = _create_subject_public_key_info( oid, DerSequence([self.n, self.e])) if format == 'DER': return binary_key if format == 'PEM': pem_str = PEM.encode(binary_key, key_type, passphrase, randfunc) return tobytes(pem_str) raise ValueError( "Unknown key format '%s'. Cannot export the RSA key." % format)
def testInit1(self): der = DerBitString(b("\xFF")) self.assertEquals(encode(), b('\x03\x02\x00\xFF'))
def testObjEncode2(self): # Initialize with payload der = DerObject(0x03, b('\x12\x12')) self.assertEquals(encode(), b('\x03\x02\x12\x12'))
def testObjEncode5(self): # Encode type with explicit tag der = DerObject(0x10, explicit=5) der.payload = b("xxll") self.assertEqual(encode(), b("\xa5\x06\x10\x04xxll"))
def testInit1(self): der = DerSetOf([DerInteger(1), DerInteger(2)]) self.assertEquals(encode(), b('1\x06\x02\x01\x01\x02\x01\x02'))
def testObjEncode3(self): # Long payload der = DerObject(b('\x10')) der.payload = b("0") * 128 self.assertEquals(encode(), b('\x10\x81\x80' + "0" * 128))
def testEncode4(self): # Only non integers der = DerSetOf() der.add(b('\x01\x00')) der.add(b('\x01\x01\x01')) self.assertEquals(encode(), b('1\x05\x01\x00\x01\x01\x01'))
def _generate_cache_header_key(key_prefix, request): """Return a cache key for the header cache.""" url = hashlib.md5(encode('ascii')) cache_key = 'views.decorators.cache.cache_header.%s.%s' % (key_prefix, url.hexdigest()) return _i18n_cache_key_suffix(request, cache_key)
def testInit2(self): der = DerBitString(DerInteger(1)) self.assertEquals(encode(), b('\x03\x04\x00\x02\x01\x01'))