def test_sign(self): signer=PKey(privkey=self.ec1priv) digest=b16decode("FFCA2587CFD4846E4CB975B503C9EB940F94566AA394E8BD571458B9DA5097D5") signature=signer.sign(digest) self.assertTrue(len(signature)>0) verifier=PKey(pubkey=self.ec1pub) self.assertTrue(verifier.verify(digest,signature))
def test_generate_ec(self): templkey=PKey(pubkey=self.ec1pub) newkey=PKey.generate("ec",paramsfrom=templkey) self.assertIsNotNone(newkey.key) s=str(newkey) self.assertEqual(s[:s.find("\n")],"Public-Key: (256 bit)") self.assertNotEqual(str(templkey),str(newkey))
def test_export_priv_encrypt(self): from ctypescrypto.cipher import CipherType key=PKey(privkey=self.rsa) pem=key.exportpriv(password='******',cipher=CipherType("aes256")) if pyver >2: pem = pem.encode("ascii") self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-passin","pass:2222"], pem),self.rsakeytext)
def test_export_priv_der_enc(self): from ctypescrypto.cipher import CipherType key = PKey(privkey=self.rsa) der = key.exportpriv(format="DER", password='******', cipher=CipherType("aes256")) self.assertEqual( runopenssl(["pkcs8", "-passin", "pass:2222", "-inform", "DER"], der), self.rsa)
def test_export_priv_encrypt(self): from ctypescrypto.cipher import CipherType key = PKey(privkey=self.rsa) pem = key.exportpriv(password='******', cipher=CipherType("aes256")) if pyver > 2: pem = pem.encode("ascii") self.assertEqual( runopenssl(["pkey", "-text_pub", "-noout", "-passin", "pass:2222"], pem), self.rsakeytext)
def create(curve, data): """ Creates EC keypair from the just secret key and curve name @param curve - name of elliptic curve @param num - byte array or long number representing key """ ec_key = libcrypto.EC_KEY_new_by_curve_name(curve.nid) if ec_key is None: raise PKeyError("EC_KEY_new_by_curvename") group = libcrypto.EC_KEY_get0_group(ec_key) if group is None: raise PKeyError("EC_KEY_get0_group") libcrypto.EC_GROUP_set_asn1_flag(group, 1) raw_key = libcrypto.BN_new() if isinstance(data, int): libcrypto.BN_hex2bn(byref(raw_key), hex(data)) else: if raw_key is None: raise PKeyError("BN_new") if libcrypto.BN_bin2bn(data, len(data), raw_key) is None: raise PKeyError("BN_bin2bn") ctx = libcrypto.BN_CTX_new() if ctx is None: raise PKeyError("BN_CTX_new") order = libcrypto.BN_new() if order is None: raise PKeyError("BN_new") priv_key = libcrypto.BN_new() if priv_key is None: raise PKeyError("BN_new") if libcrypto.EC_GROUP_get_order(group, order, ctx) <= 0: raise PKeyError("EC_GROUP_get_order") if libcrypto.BN_nnmod(priv_key, raw_key, order, ctx) <= 0: raise PKeyError("BN_nnmod") if libcrypto.EC_KEY_set_private_key(ec_key, priv_key) <= 0: raise PKeyError("EC_KEY_set_private_key") pub_key = libcrypto.EC_POINT_new(group) if pub_key is None: raise PKeyError("EC_POINT_new") if libcrypto.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx) <= 0: raise PKeyError("EC_POINT_mul") if libcrypto.EC_KEY_set_public_key(ec_key, pub_key) <= 0: raise PKeyError("EC_KEY_set_public_key") libcrypto.BN_free(raw_key) libcrypto.BN_free(order) libcrypto.BN_free(priv_key) libcrypto.BN_CTX_free(ctx) pkey = libcrypto.EVP_PKEY_new() if pkey is None: raise PKeyError("EVP_PKEY_new") if libcrypto.EVP_PKEY_set1_EC_KEY(pkey, ec_key) <= 0: raise PKeyError("EVP_PKEY_set1_EC_KEY") libcrypto.EC_KEY_free(ec_key) return PKey(ptr=pkey, cansign=True)
def private_key(self, key_id, ui_method = None, ui_data=None): from ctypescrypto.pkey import PKey if ui_method is None: ui_ptr = libcrypto.UI_OpenSSL() else: ui_ptr = ui_method.ptr pkey = libcrypto.ENGINE_load_private_key(self.ptr, key_id, ui_ptr, ui_data) if pkey is None: raise LibCryptoError("Cannot load private key") return PKey(ptr=pkey, cansign=True)
def sign(message, key, cert, detached=True): """Sign a a given message.""" # FIXME if not detached: raise NotImplementedError() signed = MIMEMultipart('signed', micalg='sha-256', protocol='application/pkcs7-signature') signed.preamble = SIGNED_PREAMBLE signed.attach(message) cann = message.as_bytes().replace(b'\n', b'\r\n') key, certstack = PKey(privkey=key.encode()), parse_pem(cert) flags = Flags.DETACHED + Flags.BINARY cms = SignedData.create(cann, certstack[-1], key, flags=flags, certs=certstack[:-1]) signature = MIMEApplication(cms, 'pkcs7-signature', encode_cms, name='smime.p7s') signature.add_header('Content-Disposition', 'attachment', filename='smime.p7s') signed.attach(signature) return signed
def test_export_priv_der(self): key = PKey(privkey=self.rsa) der = key.exportpriv(format="DER") self.assertEqual( runopenssl(["pkey", "-text_pub", "-noout", "-inform", "DER"], der), self.rsakeytext)
def test_export_priv_pem(self): key=PKey(privkey=self.ec1priv) out=key.exportpriv() self.assertEqual(self.ec1priv,out)
def test_encrypted_der_pkcs8(self): pkcs8der = pem2der(self.pkcs8crypt) key = PKey(privkey=pkcs8der, password=self.password, format="DER") self.assertIsNotNone(key.key) self.assertEqual(str(key), self.rsakeytext)
def test_generate_params(self): newkey=PKey.generate("rsa",rsa_keygen_bits=2048) self.assertIsNotNone(newkey.key) s=str(newkey) self.assertEqual(s[:s.find("\n")],"Public-Key: (2048 bit)")
def pubkey(self): """EVP PKEy object of certificate public key""" return PKey(ptr=libcrypto.X509_get_pubkey(self.cert, False))
def test_encryped_pem_pkcs8(self): key = PKey(privkey=self.pkcs8crypt, password=self.password) self.assertIsNotNone(key.key) self.assertEqual(str(key), self.rsakeytext)
def test_unencrypted_pem(self): key=PKey(privkey=self.rsa) self.assertIsNotNone(key.key) self.assertEqual(str(key),self.rsakeytext)
def test_unencrypted_pem_ec(self): key = PKey(privkey=self.ec1priv) self.assertIsNotNone(key.key) self.assertEqual(re.sub("pub: \n", "pub:\n", str(key)), self.ec1keytext)
def test_generate(self): newkey=PKey.generate("rsa") self.assertIsNotNone(newkey.key) s=str(newkey) self.assertEqual(s[:s.find("\n")],"Public-Key: (1024 bit)")
def test_export_priv_der(self): key=PKey(privkey=self.rsa) der=key.exportpriv(format="DER") self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-inform","DER"], der),self.rsakeytext)
def test_pubkey_pem(self): key=PKey(pubkey=self.ec1pub) self.assertIsNotNone(key.key) self.assertEqual(str(key),self.ec1keytext)
def test_export_priv_der_enc(self): from ctypescrypto.cipher import CipherType key=PKey(privkey=self.rsa) der=key.exportpriv(format="DER",password='******',cipher=CipherType("aes256")) self.assertEqual(runopenssl(["pkcs8","-passin","pass:2222","-inform","DER"], der),self.rsa)
def test_pubkey_der(self): key=PKey(pubkey=pem2der(self.ec1pub),format="DER") self.assertIsNotNone(key.key) self.assertEqual(str(key),self.ec1keytext)
def test_compare(self): key1=PKey(privkey=self.ec1priv) self.assertIsNotNone(key1.key) key2=PKey(pubkey=self.ec1pub) self.assertIsNotNone(key2.key) self.assertEqual(key1,key2)
def test_unencrypted_pem_ec(self): key=PKey(privkey=self.ec1priv) self.assertIsNotNone(key.key) self.assertEqual(str(key),self.ec1keytext)
def test_pubkey_pem(self): key = PKey(pubkey=self.ec1pub) self.assertIsNotNone(key.key) self.assertEqual(re.sub("pub: \n", "pub:\n", str(key)), self.ec1keytext)
def test_unencrypted_der_ec(self): key=PKey(privkey=pem2der(self.ec1priv),format="DER") self.assertIsNotNone(key.key) self.assertEqual(str(key),self.ec1keytext)
def test_encrypted_pem_cb(self): cb = lambda x: self.password key = PKey(privkey=self.rsaenc, password=cb) self.assertIsNotNone(key.key) self.assertEqual(str(key), self.rsakeytext)