def btls_client_cert(client_log_file, curve, ciphersuites, psk=False): for ciphersuite in ciphersuites: if psk: cmd = ('s_client -cipher {} -tls1_2 -psk 123456 2>{}'.format( ciphersuite, client_log_file)) else: cmd = ('s_client -cipher {} -tls1_2 2>{}'.format( ciphersuite, client_log_file)) openssl(cmd, prefix='echo test_{}={} |'.format(curve, ciphersuite), type_=2)
def btls_client_nocert(client_log_file, curves_list, ciphersuites): for ciphersuite in ciphersuites: for curves in curves_list: if curves != 'NULL': cmd = ( 's_client -cipher {} -tls1_2 -curves {} -psk 123456 2>{}'. format(ciphersuite, curves, client_log_file)) else: cmd = ('s_client -cipher {} -tls1_2 -psk 123456 2>{}'.format( ciphersuite, client_log_file)) openssl(cmd, prefix='echo test_{}={} |'.format(curves, ciphersuite), type_=2)
def bignVerify(prkey, hashname, src, sign_file): plain = b64_encoder(src)[0].decode() prefix = 'echo ' + plain[:-1] + ' | python -m base64 -d |' cmd = 'dgst -{} -prverify {} -hex -signature {}'.format( hashname, prkey, sign_file) retcode, out, er__ = openssl(cmd, prefix=prefix, echo=False) return out.decode()[:-1].strip()
def bignSign2(prkey, hashname, src, dest): plain = b64_encoder(src)[0].decode() prefix = 'echo ' + plain[:-1] + ' | python -m base64 -d |' cmd = 'dgst -{} -sign {} -sigopt sig:deterministic -out {}'.format( hashname, prkey, dest) retcode, out, er__ = openssl(cmd, prefix=prefix, echo=False) return retcode
def btls_server_nocert(server_log_file): cmd = ( 's_server -port 2222 -state -tls1_2 -psk 123456 -psk_hint 123 -nocert >> {}' .format(server_log_file)) global server_nocert server_nocert = openssl(cmd, type_=1)
def bignStdParams(name, out_filename, specified=False, cofactor=False): options = '-pkeyopt params:{}'.format(name) if specified: options += ' -pkeyopt enc_params:specified' if cofactor: options += ' -pkeyopt enc_params:cofactor' cmd = 'genpkey -genparam -algorithm bign {} -out {}'.format( options, out_filename) retcode, out, er__ = openssl(cmd) return out
def btls_server_cert(tmpdirname, server_log_file, curve, psk=False): priv = os.path.join(tmpdirname, '{}.key'.format(curve)) btls_gen_privkey(priv, curve) cert = os.path.join(tmpdirname, 'cert.pem') btls_issue_cert(priv, cert) if psk: cmd = ( 's_server -key {} -cert {} -tls1_2 -psk 123456 -psk_hint 123 >> {}' .format(priv, cert, server_log_file)) else: cmd = ('s_server -key {} -cert {} -tls1_2 >> {}'.format( priv, cert, server_log_file)) global server_cert server_cert = openssl(cmd, type_=1)
def bignCalcPubkey(private_key_file, out_filename): cmd = 'pkey -in {} -pubout -out {}'.format(private_key_file, out_filename) retcode, public_key, er__ = openssl(cmd) return public_key
def bignGenKeypair(params_file, out_filename): cmd = 'genpkey -paramfile {} -out {}'.format(params_file, out_filename) retcode, out, er__ = openssl(cmd) return out
def btls_issue_cert(privfile, certfile): cmd = ( 'req -x509 -subj "/CN=www.example.org/O=BCrypto/C=BY/ST=MINSK" -new -key {} -nodes -out {}' .format(privfile, certfile)) retcode, block, er__ = openssl(cmd)
def btls_gen_privkey(privfile, curve): cmd = 'genpkey -algorithm bign -pkeyopt params:{} -out {}'.format( curve, privfile) retcode, block, er__ = openssl(cmd)
def test_engine(): retcode, out, er__ = openssl('engine -c -t bee2evp') test_result('engine', retcode) print(out.decode())
def test_version(): retcode, out, __ = openssl('version') test_result('version', retcode) print(out.decode())
def test_belt_kwp_dwp(): tmpdirname = tempfile.mkdtemp() params256 = os.path.join(tmpdirname, 'params256.pem') cmd = ('genpkey -genparam -algorithm bign -pkeyopt params:bign-curve256v1' ' -pkeyopt enc_params:specified -pkeyopt enc_params:cofactor -out') openssl('{} {}'.format(cmd, params256)) kwp128 = os.path.join(tmpdirname, 'kwp128.pem') retcode, out, er__ = openssl( 'genpkey -paramfile {} -belt-kwp128 -pass pass:root -out {}'.format( params256, kwp128)) retcode, out, er__ = openssl( 'pkey -in {} -check -passin pass:root'.format(kwp128)) out = out.decode() retcode = (out.find('valid') != -1) test_result('belt-kwp128', retcode) kwp192 = os.path.join(tmpdirname, 'kwp192.pem') retcode, out, er__ = openssl( 'genpkey -paramfile {} -belt-kwp192 -pass pass:root -out {}'.format( params256, kwp192)) retcode, out, er__ = openssl( 'pkey -in {} -check -passin pass:root'.format(kwp192)) out = out.decode() retcode = (out.find('valid') != -1) test_result('belt-kwp192', retcode) kwp256 = os.path.join(tmpdirname, 'kwp256.pem') retcode, out, er__ = openssl( 'genpkey -paramfile {} -belt-kwp256 -pass pass:root -out {}'.format( params256, kwp256)) retcode, out, er__ = openssl( 'pkey -in {} -check -passin pass:root'.format(kwp256)) out = out.decode() retcode = (out.find('valid') != -1) test_result('belt-kwp256', retcode) dwp128 = os.path.join(tmpdirname, 'dwp128.pem') retcode, out, er__ = openssl( 'genpkey -paramfile {} -belt-dwp128 -pass pass:root -out {}'.format( params256, dwp128)) retcode, out, er__ = openssl( 'pkey -in {} -check -passin pass:root'.format(dwp128)) out = out.decode() retcode = (out.find('valid') != -1) test_result('belt-dwp128', retcode) dwp192 = os.path.join(tmpdirname, 'dwp192.pem') retcode, out, er__ = openssl( 'genpkey -paramfile {} -belt-dwp192 -pass pass:root -out {}'.format( params256, dwp192)) retcode, out, er__ = openssl( 'pkey -in {} -check -passin pass:root'.format(dwp192)) out = out.decode() retcode = (out.find('valid') != -1) test_result('belt-dwp192', retcode) dwp256 = os.path.join(tmpdirname, 'dwp256.pem') retcode, out, er__ = openssl( 'genpkey -paramfile {} -belt-dwp256 -pass pass:root -out {}'.format( params256, dwp256)) retcode, out, er__ = openssl( 'pkey -in {} -check -passin pass:root'.format(dwp256)) out = out.decode() retcode = (out.find('valid') != -1) test_result('belt-dwp256', retcode) shutil.rmtree(tmpdirname)
def test_bign(): # Create temporary directory for testing tmpdirname = tempfile.mkdtemp() # Gen params bign-curve256v1 params256 = os.path.join(tmpdirname, 'params256v1.pem') bignStdParams('bign-curve256v1', params256) out = openssl('asn1parse -in {}'.format(params256)) res = out[1].decode().find('bign-curve256v1') != -1 test_result('Gen params bign-curve256v1', res) # Gen params bign-curve384v1 params384 = os.path.join(tmpdirname, 'params384v1.pem') bignStdParams('bign-curve384v1', params384) out = openssl('asn1parse -in {}'.format(params384)) res = out[1].decode().find('bign-curve384v1') != -1 test_result('Gen params bign-curve384v1', res) # Gen params bign-curve512v1 params512 = os.path.join(tmpdirname, 'params512v1.pem') bignStdParams('bign-curve512v1', params512) out = openssl('asn1parse -in {}'.format(params512)) res = out[1].decode().find('bign-curve512v1') != -1 test_result('Gen params bign-curve512v1', res) # Gen private key bign-curve256v1 prkey256 = os.path.join(tmpdirname, 'prkey256v1.pem') bignGenKeypair(params256, prkey256) out = openssl('asn1parse -in {}'.format(prkey256)) res = (out[1].decode().find('bign-curve256v1') != -1 & out[1].decode().find('bign-pubkey') != -1) test_result('Gen private key bign-curve256v1', res) # Gen private key G.1 key = '1F66B5B84B7339674533F0329C74F21834281FED0732429E0C79235FC273E269' asn1cnf = ''' asn1 = SEQUENCE:SubjectPublicKeyInfo [SubjectPublicKeyInfo] version = INTEGER:0 algorithm = SEQUENCE:AlgorithmIdentifier subjectPublicKey = FORMAT:HEX,OCTETSTRING:{} [AlgorithmIdentifier] algorithm = OBJECT:bign-pubkey parameters = OBJECT:bign-curve256v1 '''.format(key) asn1_conf_file = os.path.join(tmpdirname, 'asn1_conf') with open(asn1_conf_file, 'w') as f: f.write(asn1cnf) G1prkey256der = os.path.join(tmpdirname, 'G1prkey256.der') G1prkey256pem = os.path.join(tmpdirname, 'G1prkey256.pem') retcode, out, er__ = openssl('asn1parse -genconf {} -out {}'.format( asn1_conf_file, G1prkey256der)) openssl('pkey -inform DER -in {} -outform PEM -out {}'.format( G1prkey256der, G1prkey256pem)) retcode, out, er__ = openssl('asn1parse -in {}'.format(G1prkey256pem)) out = out.decode().strip()[out.decode().rfind('[HEX DUMP]:'):].split( ':')[1] res = (out == key) test_result('Generate private key G.1', res) # Gen private key bign-curve384v1 prkey384 = os.path.join(tmpdirname, 'prkey384v1.pem') bignGenKeypair(params384, prkey384) out = openssl('asn1parse -in {}'.format(prkey384)) res = (out[1].decode().find('bign-curve384v1') != -1 & out[1].decode().find('bign-pubkey') != -1) test_result('Gen private key bign-curve384v1', res) # Gen private key bign-curve512v1 prkey512 = os.path.join(tmpdirname, 'prkey512v1.pem') bignGenKeypair(params512, prkey512) out = openssl('asn1parse -in {}'.format(prkey512)) res = (out[1].decode().find('bign-curve512v1') != -1 & out[1].decode().find('bign-pubkey') != -1) test_result('Gen private key bign-curve512v1', res) # Calc public key bign-curve256v1 pubkey256 = os.path.join(tmpdirname, 'pubkey256v1.pem') bignCalcPubkey(prkey256, pubkey256) out = openssl('asn1parse -in {}'.format(pubkey256)) res = (out[1].decode().find('bign-curve256v1') != -1 & out[1].decode().find('bign-pubkey') != -1) test_result('Calc public key bign-curve256v1', res) # Calc public key G.1 G1pubkey256 = os.path.join(tmpdirname, 'G1pubkey256v1.pem') bignCalcPubkey(G1prkey256pem, G1pubkey256) out = openssl('asn1parse -in {} -offset 28 -dump'.format(G1pubkey256)) out = re.sub('[\s\n]', '', out[1].decode()) matches = re.findall('[0-9A-Fa-f]{4}-[0-9A-Fa-f]+-*[0-9A-Fa-f]+', out) ans = '' for match in matches: items = match.split('-') for item in items[1:]: ans += item res = (ans[2:] == ('bd1a5650179d79e03fcee49d4c2bd5dd' 'f54ce46d0cf11e4ff87bf7a890857fd0' '7ac6a60361e8c8173491686d461b2826' '190c2eda5909054a9ab84d2ab9d99a90')) test_result('Calc public key G.1', res) # Calc public key bign-curve384v1 pubkey384 = os.path.join(tmpdirname, 'pubkey384v1.pem') bignCalcPubkey(prkey384, pubkey384) out = openssl('asn1parse -in {}'.format(pubkey384)) res = (out[1].decode().find('bign-curve384v1') != -1 & out[1].decode().find('bign-pubkey') != -1) test_result('Calc public key bign-curve384v1', res) # Calc public key bign-curve512v1 pubkey512 = os.path.join(tmpdirname, 'pubkey512v1.pem') bignCalcPubkey(prkey512, pubkey512) out = openssl('asn1parse -in {}'.format(pubkey512)) res = (out[1].decode().find('bign-curve512v1') != -1 & out[1].decode().find('bign-pubkey') != -1) test_result('Calc public key bign-curve512v1', res) # Calc dgst belt-hash src = hex_decoder('b194bac80a08f53b366d008e58')[0] signbelth = os.path.join(tmpdirname, 'signbelth.sign') retcode = bignSign(prkey256, 'belt-hash', bytes(src), signbelth) res = (retcode == 1) test_result('Calc dgst belt-hash', res) # Verify dgst belt-hash out = bignVerify(prkey256, 'belt-hash', bytes(src), signbelth) res = (out == 'Verified OK') test_result('Verify dgst belt-hash', res) # Calc deterministic dgst belt-hash src = hex_decoder('b194bac80a08f53b366d008e58')[0] dsignbelth = os.path.join(tmpdirname, 'dsignbelth.sign') retcode = bignSign(G1prkey256pem, 'belt-hash', bytes(src), dsignbelth) res = (retcode == 1) test_result('Calc deterministic dgst belt-hash', res) # Verify deterministic dgst belt-hash out = bignVerify(G1prkey256pem, 'belt-hash', bytes(src), dsignbelth) res = (out == 'Verified OK') test_result('Verify deterministic dgst belt-hash', res) shutil.rmtree(tmpdirname)