def test_encrypted_data(self):
cert_bag_expected = b64decode(b"""
MIIDSjCCA0YGCyqGSIb3DQEMCgEDoIIDHjCCAxoGCiqGSIb3DQEJFgGgggMKBIIDBjCCAwIwggKt
oAMCAQICEAHQaF8xH5bAAAAACycJAAEwDAYIKoUDBwEBAwIFADBgMQswCQYDVQQGEwJSVTEVMBMG
A1UEBwwM0JzQvtGB0LrQstCwMQ8wDQYDVQQKDAbQotCaMjYxKTAnBgNVBAMMIENBIGNlcnRpZmlj
YXRlIChQS0NTIzEyIGV4YW1wbGUpMB4XDTE1MDMyNzA3MjUwMFoXDTIwMDMyNzA3MjMwMFowZDEL
MAkGA1UEBhMCUlUxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEPMA0GA1UECgwG0KLQmjI2MS0wKwYD
VQQDDCRUZXN0IGNlcnRpZmljYXRlIDEgKFBLQ1MjMTIgZXhhbXBsZSkwZjAfBggqhQMHAQEBATAT
BgcqhQMCAiMBBggqhQMHAQECAgNDAARA1xzymkpvr2dYJT8WTOX3Dt96/+hGsXNytUQpkWB5ImJM
4tg9AsC4RIUwV5H41MhG0uBRFweTzN6AsAdBvhTClYEJADI3MDkwMDAxo4IBKTCCASUwKwYDVR0Q
BCQwIoAPMjAxNTAzMjcwNzI1MDBagQ8yMDE2MDMyNzA3MjUwMFowDgYDVR0PAQH/BAQDAgTwMB0G
A1UdDgQWBBQhWOsRQ68yYN2Utg/owHoWcqsVbTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
AwQwDAYDVR0TAQH/BAIwADCBmQYDVR0jBIGRMIGOgBQmnc7Xh5ykb5t/BMwOkxA4drfEmqFkpGIw
YDELMAkGA1UEBhMCUlUxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEPMA0GA1UECgwG0KLQmjI2MSkw
JwYDVQQDDCBDQSBjZXJ0aWZpY2F0ZSAoUEtDUyMxMiBleGFtcGxlKYIQAdBoXvL8TSAAAAALJwkA
ATAMBggqhQMHAQEDAgUAA0EA9oq0Vvk8kkgIwkp0x0J5eKtia4MNTiwKAm7jgnCZIx3O98BThaTX
3ZQhEo2RL9pTCPr6wFMheeJ+YdGMReXvsjEVMBMGCSqGSIb3DQEJFTEGBAQBAAAA
""")
pfx, tail = PFX().decode(self.pfx_raw)
self.assertSequenceEqual(tail, b"")
octet_string_safe_contents, tail = OctetStringSafeContents().decode(
bytes(pfx["authSafe"]["content"]), )
self.assertSequenceEqual(tail, b"")
outer_safe_contents = octet_string_safe_contents["safeContents"]
encrypted_data, tail = EncryptedData().decode(
bytes(outer_safe_contents[1]["bagValue"]), )
self.assertSequenceEqual(tail, b"")
pbes2_params, _ = PBES2Params().decode(
bytes(encrypted_data["encryptedContentInfo"]
["contentEncryptionAlgorithm"]["parameters"]), )
self.assertSequenceEqual(tail, b"")
pbkdf2_params, tail = PBKDF2Params().decode(
bytes(pbes2_params["keyDerivationFunc"]["parameters"]), )
self.assertSequenceEqual(tail, b"")
enc_scheme_params, tail = Gost2814789Parameters().decode(
bytes(pbes2_params["encryptionScheme"]["parameters"]), )
self.assertSequenceEqual(tail, b"")
key = gost34112012_pbkdf2(
password=self.password.encode("utf-8"),
salt=bytes(pbkdf2_params["salt"]["specified"]),
iterations=int(pbkdf2_params["iterationCount"]),
dklen=32,
)
# key = hexdec("0e93d71339e7f53b79a0bc41f9109dd4fb60b30ae10736c1bb77b84c07681cfc")
self.assertSequenceEqual(
cfb_decrypt(
key,
bytes(encrypted_data["encryptedContentInfo"]
["encryptedContent"]),
iv=bytes(enc_scheme_params["iv"]),
sbox="Gost28147_tc26_ParamZ",
),
cert_bag_expected,
)
def test_shrouded_key_bag(self):
private_key_info_expected = b64decode(b"""
MGYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEQEYbRu86z+1JFKDcPDN9UbTG
G2ki9enTqos4KpUU0j9IDpl1UXiaA1YDIwUjlAp+81GkLmyt8Fw6Gt/X5JZySAY=
""")
pfx, tail = PFX().decode(self.pfx_raw)
self.assertSequenceEqual(tail, b"")
octet_string_safe_contents, tail = OctetStringSafeContents().decode(
bytes(pfx["authSafe"]["content"]), )
self.assertSequenceEqual(tail, b"")
outer_safe_contents = octet_string_safe_contents["safeContents"]
octet_string_safe_contents, tail = OctetStringSafeContents().decode(
bytes(outer_safe_contents[0]["bagValue"]), )
self.assertSequenceEqual(tail, b"")
safe_bag = octet_string_safe_contents["safeContents"][0]
shrouded_key_bag, tail = PKCS8ShroudedKeyBag().decode(
bytes(safe_bag["bagValue"]), )
self.assertSequenceEqual(tail, b"")
pbes2_params, tail = PBES2Params().decode(
bytes(shrouded_key_bag["encryptionAlgorithm"]["parameters"]), )
self.assertSequenceEqual(tail, b"")
pbkdf2_params, tail = PBKDF2Params().decode(
bytes(pbes2_params["keyDerivationFunc"]["parameters"]), )
self.assertSequenceEqual(tail, b"")
enc_scheme_params, tail = Gost2814789Parameters().decode(
bytes(pbes2_params["encryptionScheme"]["parameters"]), )
self.assertSequenceEqual(tail, b"")
key = gost34112012_pbkdf2(
password=self.password.encode("utf-8"),
salt=bytes(pbkdf2_params["salt"]["specified"]),
iterations=int(pbkdf2_params["iterationCount"]),
dklen=32,
)
# key = hexdec("309dd0354c5603739403f2335e9e2055138f8b5c98b63009de0635eea1fd7ba8")
self.assertSequenceEqual(
cfb_decrypt(
key,
bytes(shrouded_key_bag["encryptedData"]),
iv=bytes(enc_scheme_params["iv"]),
sbox="Gost28147_tc26_ParamZ",
),
private_key_info_expected,
)
def test_mac(self):
pfx, tail = PFX().decode(self.pfx_raw)
self.assertSequenceEqual(tail, b"")
_, outer_safe_contents = pfx["authSafe"]["content"].defined
mac_data = pfx["macData"]
mac_key = gost34112012_pbkdf2(
password=self.password.encode('utf-8'),
salt=bytes(mac_data["macSalt"]),
iterations=int(mac_data["iterations"]),
dklen=96,
)[-32:]
# mac_key = hexdec("cadbfbf3bceaa9b79f651508fac5abbeb4a13d0bd0e1876bd3c3efb2112128a5")
self.assertSequenceEqual(
hmac_new(
key=mac_key,
msg=SafeContents(outer_safe_contents).encode(),
digestmod=GOST34112012512,
).digest(),
bytes(mac_data["mac"]["digest"]),
)