def btls_client_cert(client_log_file, curve, ciphersuites, psk=False):
for ciphersuite in ciphersuites:
if psk:
cmd = ('s_client -cipher {} -tls1_2 -psk 123456 2>{}'.format(
ciphersuite, client_log_file))
else:
cmd = ('s_client -cipher {} -tls1_2 2>{}'.format(
ciphersuite, client_log_file))
openssl(cmd,
prefix='echo test_{}={} |'.format(curve, ciphersuite),
type_=2)
def btls_client_nocert(client_log_file, curves_list, ciphersuites):
for ciphersuite in ciphersuites:
for curves in curves_list:
if curves != 'NULL':
cmd = (
's_client -cipher {} -tls1_2 -curves {} -psk 123456 2>{}'.
format(ciphersuite, curves, client_log_file))
else:
cmd = ('s_client -cipher {} -tls1_2 -psk 123456 2>{}'.format(
ciphersuite, client_log_file))
openssl(cmd,
prefix='echo test_{}={} |'.format(curves, ciphersuite),
type_=2)
def bignVerify(prkey, hashname, src, sign_file):
plain = b64_encoder(src)[0].decode()
prefix = 'echo ' + plain[:-1] + ' | python -m base64 -d |'
cmd = 'dgst -{} -prverify {} -hex -signature {}'.format(
hashname, prkey, sign_file)
retcode, out, er__ = openssl(cmd, prefix=prefix, echo=False)
return out.decode()[:-1].strip()
def bignSign2(prkey, hashname, src, dest):
plain = b64_encoder(src)[0].decode()
prefix = 'echo ' + plain[:-1] + ' | python -m base64 -d |'
cmd = 'dgst -{} -sign {} -sigopt sig:deterministic -out {}'.format(
hashname, prkey, dest)
retcode, out, er__ = openssl(cmd, prefix=prefix, echo=False)
return retcode
def btls_server_nocert(server_log_file):
cmd = (
's_server -port 2222 -state -tls1_2 -psk 123456 -psk_hint 123 -nocert >> {}'
.format(server_log_file))
global server_nocert
server_nocert = openssl(cmd, type_=1)
def bignStdParams(name, out_filename, specified=False, cofactor=False):
options = '-pkeyopt params:{}'.format(name)
if specified:
options += ' -pkeyopt enc_params:specified'
if cofactor:
options += ' -pkeyopt enc_params:cofactor'
cmd = 'genpkey -genparam -algorithm bign {} -out {}'.format(
options, out_filename)
retcode, out, er__ = openssl(cmd)
return out
def btls_server_cert(tmpdirname, server_log_file, curve, psk=False):
priv = os.path.join(tmpdirname, '{}.key'.format(curve))
btls_gen_privkey(priv, curve)
cert = os.path.join(tmpdirname, 'cert.pem')
btls_issue_cert(priv, cert)
if psk:
cmd = (
's_server -key {} -cert {} -tls1_2 -psk 123456 -psk_hint 123 >> {}'
.format(priv, cert, server_log_file))
else:
cmd = ('s_server -key {} -cert {} -tls1_2 >> {}'.format(
priv, cert, server_log_file))
global server_cert
server_cert = openssl(cmd, type_=1)
def bignCalcPubkey(private_key_file, out_filename):
cmd = 'pkey -in {} -pubout -out {}'.format(private_key_file, out_filename)
retcode, public_key, er__ = openssl(cmd)
return public_key
def bignGenKeypair(params_file, out_filename):
cmd = 'genpkey -paramfile {} -out {}'.format(params_file, out_filename)
retcode, out, er__ = openssl(cmd)
return out
def btls_issue_cert(privfile, certfile):
cmd = (
'req -x509 -subj "/CN=www.example.org/O=BCrypto/C=BY/ST=MINSK" -new -key {} -nodes -out {}'
.format(privfile, certfile))
retcode, block, er__ = openssl(cmd)
def btls_gen_privkey(privfile, curve):
cmd = 'genpkey -algorithm bign -pkeyopt params:{} -out {}'.format(
curve, privfile)
retcode, block, er__ = openssl(cmd)
def test_engine():
retcode, out, er__ = openssl('engine -c -t bee2evp')
test_result('engine', retcode)
print(out.decode())
def test_version():
retcode, out, __ = openssl('version')
test_result('version', retcode)
print(out.decode())
def test_belt_kwp_dwp():
tmpdirname = tempfile.mkdtemp()
params256 = os.path.join(tmpdirname, 'params256.pem')
cmd = ('genpkey -genparam -algorithm bign -pkeyopt params:bign-curve256v1'
' -pkeyopt enc_params:specified -pkeyopt enc_params:cofactor -out')
openssl('{} {}'.format(cmd, params256))
kwp128 = os.path.join(tmpdirname, 'kwp128.pem')
retcode, out, er__ = openssl(
'genpkey -paramfile {} -belt-kwp128 -pass pass:root -out {}'.format(
params256, kwp128))
retcode, out, er__ = openssl(
'pkey -in {} -check -passin pass:root'.format(kwp128))
out = out.decode()
retcode = (out.find('valid') != -1)
test_result('belt-kwp128', retcode)
kwp192 = os.path.join(tmpdirname, 'kwp192.pem')
retcode, out, er__ = openssl(
'genpkey -paramfile {} -belt-kwp192 -pass pass:root -out {}'.format(
params256, kwp192))
retcode, out, er__ = openssl(
'pkey -in {} -check -passin pass:root'.format(kwp192))
out = out.decode()
retcode = (out.find('valid') != -1)
test_result('belt-kwp192', retcode)
kwp256 = os.path.join(tmpdirname, 'kwp256.pem')
retcode, out, er__ = openssl(
'genpkey -paramfile {} -belt-kwp256 -pass pass:root -out {}'.format(
params256, kwp256))
retcode, out, er__ = openssl(
'pkey -in {} -check -passin pass:root'.format(kwp256))
out = out.decode()
retcode = (out.find('valid') != -1)
test_result('belt-kwp256', retcode)
dwp128 = os.path.join(tmpdirname, 'dwp128.pem')
retcode, out, er__ = openssl(
'genpkey -paramfile {} -belt-dwp128 -pass pass:root -out {}'.format(
params256, dwp128))
retcode, out, er__ = openssl(
'pkey -in {} -check -passin pass:root'.format(dwp128))
out = out.decode()
retcode = (out.find('valid') != -1)
test_result('belt-dwp128', retcode)
dwp192 = os.path.join(tmpdirname, 'dwp192.pem')
retcode, out, er__ = openssl(
'genpkey -paramfile {} -belt-dwp192 -pass pass:root -out {}'.format(
params256, dwp192))
retcode, out, er__ = openssl(
'pkey -in {} -check -passin pass:root'.format(dwp192))
out = out.decode()
retcode = (out.find('valid') != -1)
test_result('belt-dwp192', retcode)
dwp256 = os.path.join(tmpdirname, 'dwp256.pem')
retcode, out, er__ = openssl(
'genpkey -paramfile {} -belt-dwp256 -pass pass:root -out {}'.format(
params256, dwp256))
retcode, out, er__ = openssl(
'pkey -in {} -check -passin pass:root'.format(dwp256))
out = out.decode()
retcode = (out.find('valid') != -1)
test_result('belt-dwp256', retcode)
shutil.rmtree(tmpdirname)
def test_bign():
# Create temporary directory for testing
tmpdirname = tempfile.mkdtemp()
# Gen params bign-curve256v1
params256 = os.path.join(tmpdirname, 'params256v1.pem')
bignStdParams('bign-curve256v1', params256)
out = openssl('asn1parse -in {}'.format(params256))
res = out[1].decode().find('bign-curve256v1') != -1
test_result('Gen params bign-curve256v1', res)
# Gen params bign-curve384v1
params384 = os.path.join(tmpdirname, 'params384v1.pem')
bignStdParams('bign-curve384v1', params384)
out = openssl('asn1parse -in {}'.format(params384))
res = out[1].decode().find('bign-curve384v1') != -1
test_result('Gen params bign-curve384v1', res)
# Gen params bign-curve512v1
params512 = os.path.join(tmpdirname, 'params512v1.pem')
bignStdParams('bign-curve512v1', params512)
out = openssl('asn1parse -in {}'.format(params512))
res = out[1].decode().find('bign-curve512v1') != -1
test_result('Gen params bign-curve512v1', res)
# Gen private key bign-curve256v1
prkey256 = os.path.join(tmpdirname, 'prkey256v1.pem')
bignGenKeypair(params256, prkey256)
out = openssl('asn1parse -in {}'.format(prkey256))
res = (out[1].decode().find('bign-curve256v1') !=
-1 & out[1].decode().find('bign-pubkey') != -1)
test_result('Gen private key bign-curve256v1', res)
# Gen private key G.1
key = '1F66B5B84B7339674533F0329C74F21834281FED0732429E0C79235FC273E269'
asn1cnf = '''
asn1 = SEQUENCE:SubjectPublicKeyInfo
[SubjectPublicKeyInfo]
version = INTEGER:0
algorithm = SEQUENCE:AlgorithmIdentifier
subjectPublicKey = FORMAT:HEX,OCTETSTRING:{}
[AlgorithmIdentifier]
algorithm = OBJECT:bign-pubkey
parameters = OBJECT:bign-curve256v1
'''.format(key)
asn1_conf_file = os.path.join(tmpdirname, 'asn1_conf')
with open(asn1_conf_file, 'w') as f:
f.write(asn1cnf)
G1prkey256der = os.path.join(tmpdirname, 'G1prkey256.der')
G1prkey256pem = os.path.join(tmpdirname, 'G1prkey256.pem')
retcode, out, er__ = openssl('asn1parse -genconf {} -out {}'.format(
asn1_conf_file, G1prkey256der))
openssl('pkey -inform DER -in {} -outform PEM -out {}'.format(
G1prkey256der, G1prkey256pem))
retcode, out, er__ = openssl('asn1parse -in {}'.format(G1prkey256pem))
out = out.decode().strip()[out.decode().rfind('[HEX DUMP]:'):].split(
':')[1]
res = (out == key)
test_result('Generate private key G.1', res)
# Gen private key bign-curve384v1
prkey384 = os.path.join(tmpdirname, 'prkey384v1.pem')
bignGenKeypair(params384, prkey384)
out = openssl('asn1parse -in {}'.format(prkey384))
res = (out[1].decode().find('bign-curve384v1') !=
-1 & out[1].decode().find('bign-pubkey') != -1)
test_result('Gen private key bign-curve384v1', res)
# Gen private key bign-curve512v1
prkey512 = os.path.join(tmpdirname, 'prkey512v1.pem')
bignGenKeypair(params512, prkey512)
out = openssl('asn1parse -in {}'.format(prkey512))
res = (out[1].decode().find('bign-curve512v1') !=
-1 & out[1].decode().find('bign-pubkey') != -1)
test_result('Gen private key bign-curve512v1', res)
# Calc public key bign-curve256v1
pubkey256 = os.path.join(tmpdirname, 'pubkey256v1.pem')
bignCalcPubkey(prkey256, pubkey256)
out = openssl('asn1parse -in {}'.format(pubkey256))
res = (out[1].decode().find('bign-curve256v1') !=
-1 & out[1].decode().find('bign-pubkey') != -1)
test_result('Calc public key bign-curve256v1', res)
# Calc public key G.1
G1pubkey256 = os.path.join(tmpdirname, 'G1pubkey256v1.pem')
bignCalcPubkey(G1prkey256pem, G1pubkey256)
out = openssl('asn1parse -in {} -offset 28 -dump'.format(G1pubkey256))
out = re.sub('[\s\n]', '', out[1].decode())
matches = re.findall('[0-9A-Fa-f]{4}-[0-9A-Fa-f]+-*[0-9A-Fa-f]+', out)
ans = ''
for match in matches:
items = match.split('-')
for item in items[1:]:
ans += item
res = (ans[2:] == ('bd1a5650179d79e03fcee49d4c2bd5dd'
'f54ce46d0cf11e4ff87bf7a890857fd0'
'7ac6a60361e8c8173491686d461b2826'
'190c2eda5909054a9ab84d2ab9d99a90'))
test_result('Calc public key G.1', res)
# Calc public key bign-curve384v1
pubkey384 = os.path.join(tmpdirname, 'pubkey384v1.pem')
bignCalcPubkey(prkey384, pubkey384)
out = openssl('asn1parse -in {}'.format(pubkey384))
res = (out[1].decode().find('bign-curve384v1') !=
-1 & out[1].decode().find('bign-pubkey') != -1)
test_result('Calc public key bign-curve384v1', res)
# Calc public key bign-curve512v1
pubkey512 = os.path.join(tmpdirname, 'pubkey512v1.pem')
bignCalcPubkey(prkey512, pubkey512)
out = openssl('asn1parse -in {}'.format(pubkey512))
res = (out[1].decode().find('bign-curve512v1') !=
-1 & out[1].decode().find('bign-pubkey') != -1)
test_result('Calc public key bign-curve512v1', res)
# Calc dgst belt-hash
src = hex_decoder('b194bac80a08f53b366d008e58')[0]
signbelth = os.path.join(tmpdirname, 'signbelth.sign')
retcode = bignSign(prkey256, 'belt-hash', bytes(src), signbelth)
res = (retcode == 1)
test_result('Calc dgst belt-hash', res)
# Verify dgst belt-hash
out = bignVerify(prkey256, 'belt-hash', bytes(src), signbelth)
res = (out == 'Verified OK')
test_result('Verify dgst belt-hash', res)
# Calc deterministic dgst belt-hash
src = hex_decoder('b194bac80a08f53b366d008e58')[0]
dsignbelth = os.path.join(tmpdirname, 'dsignbelth.sign')
retcode = bignSign(G1prkey256pem, 'belt-hash', bytes(src), dsignbelth)
res = (retcode == 1)
test_result('Calc deterministic dgst belt-hash', res)
# Verify deterministic dgst belt-hash
out = bignVerify(G1prkey256pem, 'belt-hash', bytes(src), dsignbelth)
res = (out == 'Verified OK')
test_result('Verify deterministic dgst belt-hash', res)
shutil.rmtree(tmpdirname)
