def CMS(data, format="PEM"): """ Factory function to create CMS objects from received messages. Parses CMS data and returns either SignedData or EnvelopedData object. format argument can be either "PEM" or "DER". It determines object type from the contents of received CMS structure. """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) if ptr is None: raise CMSError("Error parsing CMS data") typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle "+typeoid.shortname())
def CMS(data, format="PEM"): """ Factory function to create CMS objects from received messages. Parses CMS data and returns either SignedData or EnvelopedData object. format argument can be either "PEM" or "DER". It determines object type from the contents of received CMS structure. """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) if ptr is None: raise CMSError("Error parsing CMS data") typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle " + typeoid.shortname())
def test_cn(self): o=Oid("2.5.4.3") self.assertEqual(repr(o),"Oid('2.5.4.3')") self.assertEqual(o.dotted(),"2.5.4.3") self.assertEqual(str(o),"2.5.4.3") self.assertEqual(o.shortname(),"CN") self.assertEqual(o.longname(),"commonName")
def CMS(data, format="PEM"): """ Parses CMS data and returns either SignedData or EnvelopedData object """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle "+typeoid.shortname())
def CMS(data, format="PEM"): """ Parses CMS data and returns either SignedData or EnvelopedData object """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) if ptr is None: raise CMSError("Error parsing CMS data") typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle " + typeoid.shortname())
def test_fromunicode(self): o=Oid(u'commonName') self.assertEqual(o.shortname(),'CN')
class MAC(Digest): """ This object represents MAC context. It is quite simular to digest algorithm. It is simular to hmac objects provided by standard library """ def __init__(self,algorithm,key,digest=None,**kwargs): """ Constructor has to obligatory arguments: @param algorithm - which is name of MAC algorithm i.e 'hmac' or 'gost-mac' or equivalent Oid object @param key - byte buffer with key. Optional parameters are: digest - Oid or name of the digest algorithm to use. If none specified, OpenSSL will try to derive one from the MAC algorithm (or if algorithm is hmac, we'll substititute md5 for compatibility with standard hmac module any other keyword argument is passed to EVP_PKEY_CTX as string option. """ if isinstance(algorithm,str): self.algorithm=Oid(algorithm) elif isinstance(algorithm,Oid): self.algorithm=algorithm else: raise TypeError("Algorthm must be string or Oid") if self.algorithm==Oid('hmac') and digest is None: digest='md5' self.name=self.algorithm.shortname().lower() if digest is not None: self.digest_type=DigestType(digest) self.name+='-'+self.digest_type.digest_name d=self.digest_type.digest else: self.digest_type=None d=None self.key=libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid,None,key,len(key)) if self.key is None: raise DigestError("EVP_PKEY_new_mac_key") pctx=c_void_p() self.ctx = libcrypto.EVP_MD_CTX_create() if self.ctx == 0: raise DigestError("Unable to create digest context") if libcrypto.EVP_DigestSignInit(self.ctx,pointer(pctx),d,None,self.key) <= 0: raise DigestError("Unable to intialize digest context") self.digest_finalized=False if self.digest_type is None: self.digest_type=DigestType(Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx)))) for (name,val) in kwargs.items(): if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx,name,val)<=0: raise DigestError("Unable to set mac parameter") self.digest_size = self.digest_type.digest_size() self.block_size = self.digest_type.block_size() def digest(self,data=None): """ Method digest is redefined to return keyed MAC value instead of just digest. """ if data is not None: self.update(data) b=create_string_buffer(256) size=c_size_t(256) if libcrypto.EVP_DigestSignFinal(self.ctx,b,pointer(size))<=0: raise DigestError('SignFinal') self.digest_finalized=True return b.raw[:size.value]
class MAC(Digest): """ This object represents MAC context. It is quite simular to digest algorithm. It is simular to hmac objects provided by standard library """ def __init__(self, algorithm, key, digest=None, **kwargs): """ Constructor has to obligatory arguments: @param algorithm - which is name of MAC algorithm i.e 'hmac' or 'gost-mac' or equivalent Oid object @param key - byte buffer with key. Optional parameters are: digest - Oid or name of the digest algorithm to use. If none specified, OpenSSL will try to derive one from the MAC algorithm (or if algorithm is hmac, we'll substititute md5 for compatibility with standard hmac module any other keyword argument is passed to EVP_PKEY_CTX as string option. """ if isinstance(algorithm, str): self.algorithm = Oid(algorithm) elif isinstance(algorithm, Oid): self.algorithm = algorithm else: raise TypeError("Algorthm must be string or Oid") if self.algorithm == Oid('hmac') and digest is None: digest = 'md5' self.name = self.algorithm.shortname().lower() if digest is not None: self.digest_type = DigestType(digest) self.name += '-' + self.digest_type.digest_name d = self.digest_type.digest else: self.digest_type = None d = None self.key = libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid, None, key, len(key)) if self.key is None: raise DigestError("EVP_PKEY_new_mac_key") pctx = c_void_p() self.ctx = libcrypto.EVP_MD_CTX_create() if self.ctx == 0: raise DigestError("Unable to create digest context") if libcrypto.EVP_DigestSignInit(self.ctx, pointer(pctx), d, None, self.key) <= 0: raise DigestError("Unable to intialize digest context") self.digest_finalized = False if self.digest_type is None: self.digest_type = DigestType( Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx)))) for (name, val) in kwargs.items(): if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx, name, val) <= 0: raise DigestError("Unable to set mac parameter") self.digest_size = self.digest_type.digest_size self.block_size = self.digest_type.block_size def digest(self, data=None): """ Method digest is redefined to return keyed MAC value instead of just digest. """ if data is not None: self.update(data) b = create_string_buffer(256) size = c_size_t(256) if libcrypto.EVP_DigestSignFinal(self.ctx, b, pointer(size)) <= 0: raise DigestError('SignFinal') self.digest_finalized = True return b.raw[:size.value]