Exemplo n.º 1
 def test_createfromoid(self):
     """A DigestType built from the sha256 Oid reports SHA-256's parameters."""
     sha256_oid = Oid('sha256')
     sha256_type = digest.DigestType(sha256_oid)
     # Sizes are in bytes: 32-byte output, 64-byte block.
     self.assertEqual(sha256_type.digest_size, 32)
     self.assertEqual(sha256_type.block_size, 64)
     # Identity must round-trip: same Oid and same short name.
     self.assertEqual(sha256_type.oid, Oid("sha256"))
     self.assertEqual(sha256_type.name, 'sha256')
Exemplo n.º 2
 def test_subjectfields(self):
     """Subject fields are addressed by Oid; a plain string key is rejected."""
     cert = X509(self.cert1)
     self.assertEqual(cert.subject[Oid("C")], "RU")
     # A bare string instead of an Oid must raise TypeError.
     with self.assertRaises(TypeError):
         cert.subject["CN"]
     # Non-ASCII values come back as unicode text.
     locality = cert.subject[Oid("L")]
     self.assertEqual(locality, u'\u041c\u043e\u0441\u043a\u0432\u0430')
Exemplo n.º 3
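    def __init__(self, algorithm, key, digest=None, **kwargs):
        """
        Create a MAC context keyed with ``key``.

        Constructor has two obligatory arguments:

            @param algorithm - name of the MAC algorithm, i.e. 'hmac' or
                    'gost-mac', or an equivalent Oid object
            @param key - byte buffer with the key.

        Optional parameters are:
            digest - Oid or name of the digest algorithm to use. If none
                is specified, OpenSSL will try to derive one from the MAC
                algorithm (or, if the algorithm is hmac, md5 is
                substituted for compatibility with the standard hmac
                module).

            any other keyword argument is passed to EVP_PKEY_CTX as a
            string option.

        Security note: the implicit md5 default for 'hmac' exists only for
        compatibility. Callers that choose the algorithm themselves should
        pass an explicit digest (e.g. digest='sha256') rather than rely on
        the fallback.

        Raises TypeError if algorithm is neither a str nor an Oid, and
        DigestError if any of the libcrypto calls fails.
        """
        if isinstance(algorithm, str):
            self.algorithm = Oid(algorithm)
        elif isinstance(algorithm, Oid):
            self.algorithm = algorithm
        else:
            raise TypeError("Algorthm must be string or Oid")
        if self.algorithm == Oid('hmac') and digest is None:
            # Compatibility fallback only; see the security note in the
            # docstring before relying on it.
            digest = 'md5'
        self.name = self.algorithm.shortname().lower()
        if digest is not None:
            self.digest_type = DigestType(digest)
            self.name += '-' + self.digest_type.digest_name
            d = self.digest_type.digest
        else:
            # Let OpenSSL pick the digest; it is read back from the
            # context after initialisation below.
            self.digest_type = None
            d = None
        self.key = libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid, None,
                                                  key, len(key))
        # ctypes hands back a NULL pointer as None (c_void_p restype) or as
        # 0 (default int restype). The restype declarations are not visible
        # here, so test falsiness to catch either form.
        if not self.key:
            raise DigestError("EVP_PKEY_new_mac_key")
        pctx = c_void_p()
        self.ctx = libcrypto.EVP_MD_CTX_create()
        if not self.ctx:
            raise DigestError("Unable to create digest context")
        if libcrypto.EVP_DigestSignInit(self.ctx, pointer(pctx), d, None,
                                        self.key) <= 0:
            raise DigestError("Unable to intialize digest context")
        self.digest_finalized = False
        if self.digest_type is None:
            # No digest was requested: record the one the context ended up
            # with, so digest_size/block_size below describe what is used.
            self.digest_type = DigestType(
                Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx))))
        # Remaining keyword arguments are forwarded verbatim as string
        # control options; any rejected option aborts construction.
        for (name, val) in kwargs.items():
            if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx, name, val) <= 0:
                raise DigestError("Unable to set mac parameter")
        self.digest_size = self.digest_type.digest_size
        self.block_size = self.digest_type.block_size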
Exemplo n.º 4
 def testLookup(self):
     """An Oid registered with create() is found again by its short name."""
     dotted = '1.2.643.100.3'
     short_name = "SNILS"
     registered = create(dotted, short_name,
                         "Russian Pension security number")
     looked_up = Oid(short_name)
     self.assertEqual(registered, looked_up)
Exemplo n.º 5
 def test_cn(self):
     """The dotted form 2.5.4.3 resolves to commonName (CN)."""
     common_name = Oid("2.5.4.3")
     # repr() and str() both render the dotted notation it was built from.
     self.assertEqual(repr(common_name), "Oid('2.5.4.3')")
     self.assertEqual(common_name.dotted(), "2.5.4.3")
     self.assertEqual(str(common_name), "2.5.4.3")
     # The name lookups give the registered short and long names.
     self.assertEqual(common_name.shortname(), "CN")
     self.assertEqual(common_name.longname(), "commonName")
Exemplo n.º 6
def CMS(data, format="PEM"):
    """
    Build the matching CMS wrapper object for a received message.

    data is read as PEM when format == "PEM"; any other format value
    takes the DER path. The content type found inside the parsed
    structure selects the returned class: SignedData, EnvelopedData or
    EncryptedData.

    Raises CMSError when parsing yields no structure and
    NotImplementedError for any other content type.

    Note: this function only parses and classifies. No signature is
    verified and nothing is decrypted here, so the returned object still
    wraps untrusted input.
    """
    bio = Membio(data)
    if format == "PEM":
        ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None)
    else:
        ptr = libcrypto.d2i_CMS_bio(bio.bio, None)
    if ptr is None:
        raise CMSError("Error parsing CMS data")
    # Resolve the content type once and branch on its short name.
    content_nid = libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))
    content_type = Oid(content_nid).shortname()
    if content_type == "pkcs7-signedData":
        return SignedData(ptr)
    if content_type == "pkcs7-envelopedData":
        return EnvelopedData(ptr)
    if content_type == "pkcs7-encryptedData":
        return EncryptedData(ptr)
    raise NotImplementedError("cannot handle " + content_type)
Exemplo n.º 7
 def testLookup(self):
     """A test Oid registered via create() is retrievable by its short name."""
     dotted = '1.2.643.9.100.99'
     short_name = "CtypesCryptoTestOid"
     created = create(dotted, short_name, "Test Oid In CryptoCom Namespace")
     resolved = Oid(short_name)
     self.assertEqual(created, resolved)
Exemplo n.º 8
 def testCleanup(self):
     """After cleanup(), a previously registered short name stops resolving."""
     dotted = '1.2.643.100.3'
     short_name = "SNILS"
     # Keep the created object referenced for the whole test, as before.
     registered = create(dotted, short_name,
                         "Russian Pension security number")
     cleanup()
     # The lookup must now fail the same way an unknown name does.
     with self.assertRaises(ValueError):
         Oid(short_name)
Exemplo n.º 9
    def test_keyone(self):
        """A key built from a known scalar exports the reference private key."""
        curve = Oid("secp256k1")
        # Fixed test-vector scalar. It is published with the test suite, so
        # it must never be reused to protect real data.
        scalar = b16decode(
            "2A71BA9DEA99BC1F7C104BAEC671EC7EFF8BFF969BB8D346DB4C3352A4699DC3",
            True)
        key = create(curve, scalar)

        exported = key.exportpriv()
        self.assertEqual(exported, self.ec1priv)
Exemplo n.º 10
 def test_createfromEVP_MD(self):
     """An empty DigestType becomes usable once it is given a digest handle."""
     source = digest.DigestType("sha256")
     blank = digest.DigestType(None)
     # With no digest attached yet, reading the name must fail.
     with self.assertRaises(AttributeError):
         blank.name
     # Hand over the sha256 handle; every derived property should follow.
     blank.digest = source.digest
     self.assertEqual(blank.digest_size, 32)
     self.assertEqual(blank.block_size, 64)
     self.assertEqual(blank.oid, Oid("sha256"))
     self.assertEqual(blank.name, 'sha256')
Exemplo n.º 11
 def test_bignum(self):
     """A 32-byte all-0xFF value yields the reference key pair in self.bigkey."""
     # NOTE(review): all-0xFF is numerically above the secp256k1 group order,
     # so this presumably pins how create() treats an out-of-range scalar.
     # Confirm against create().
     raw_value = b'\xff' * 32
     key = create(Oid("secp256k1"), raw_value)
     private_blob = key.exportpriv()
     if pyver > 2:
         # Python 3 returns text here; the dump helpers compare bytes.
         private_blob = private_blob.encode("ascii")
     self.assertEqual(dump_key(private_blob), dump_key(self.bigkey))
     public_blob = str(key)
     if pyver > 2:
         public_blob = public_blob.encode('ascii')
     self.assertEqual(public_blob, dump_pub_key(self.bigkey))
Exemplo n.º 12
 def test_certstack1(self):
     """A StackOfX509 built from a list supports len, indexing and deletion."""
     owner_cn = u'Виктор Вагнер'
     certs = [X509(self.cert1)]
     self.assertEqual(unicode(certs[0].subject[Oid('CN')]), owner_cn)
     certs.append(X509(self.ca_cert))
     certs.append(X509(self.digicert_cert))
     stack = StackOfX509(certs=certs)
     self.assertEqual(len(stack), 3)
     self.assertTrue(isinstance(stack[1], X509))
     self.assertEqual(unicode(stack[0].subject[Oid('CN')]), owner_cn)
     # Negative indices and one-past-the-end are both out of range.
     for bad_index in (-1, 3):
         with self.assertRaises(IndexError):
             stack[bad_index]
     # Removing the middle entry shifts the last certificate down.
     del stack[1]
     self.assertEqual(len(stack), 2)
     self.assertEqual(unicode(stack[0].subject[Oid('CN')]), owner_cn)
     self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
                      u'DigiCert High Assurance EV CA-1')
Exemplo n.º 13
 def test_certstack3(self):
     """A stack wrapping a borrowed pointer refuses modification."""
     certs = [X509(self.cert1)]
     self.assertEqual(unicode(certs[0].subject[Oid('CN')]),
                      u'Виктор Вагнер')
     certs.append(X509(self.ca_cert))
     certs.append(X509(self.digicert_cert))
     owner = StackOfX509(certs=certs)
     # Second wrapper over the same pointer, created with disposable=False.
     borrowed = StackOfX509(ptr=owner.ptr, disposable=False)
     # Supplying both a pointer and a certificate list is rejected.
     with self.assertRaises(ValueError):
         StackOfX509(ptr=owner.ptr, certs=certs)
     # The non-disposable wrapper rejects item assignment and append.
     with self.assertRaises(ValueError):
         borrowed[1] = certs[0]
     with self.assertRaises(ValueError):
         borrowed.append(certs[0])
Exemplo n.º 14
    def test_keyone(self):
        """A key built from a known scalar matches the reference key pair."""
        curve = Oid("secp256k1")
        # Fixed test-vector scalar. It is published with the test suite, so
        # it must never be reused to protect real data.
        scalar = b16decode(
            "2A71BA9DEA99BC1F7C104BAEC671EC7EFF8BFF969BB8D346DB4C3352A4699DC3",
            True)
        key = create(curve, scalar)

        private_blob = key.exportpriv()
        if pyver > 2:
            # Python 3 returns text; the dump helpers work on bytes.
            private_blob = private_blob.encode("ascii")
        self.assertEqual(dump_key(private_blob), dump_key(self.ec1priv))
        public_blob = str(key)
        if pyver != 2:
            public_blob = public_blob.encode("ascii")
        self.assertEqual(public_blob, dump_pub_key(self.ec1priv))
Exemplo n.º 15
 def test_certstack2(self):
     """An empty StackOfX509 accepts X509 items and validates index and type."""
     stack = StackOfX509()
     stack.append(X509(self.cert1))
     stack.append(X509(self.ca_cert))
     displaced = stack[1]
     # Overwriting a slot replaces the entry without changing the length.
     stack[1] = X509(self.digicert_cert)
     self.assertEqual(len(stack), 2)
     self.assertEqual(unicode(stack[1].subject[Oid('CN')]),
                      u'DigiCert High Assurance EV CA-1')
     # Assignment outside 0..len-1 is refused, negative indices included.
     for bad_index in (-1, 3):
         with self.assertRaises(IndexError):
             stack[bad_index] = displaced
     # Only X509 objects are accepted, not the raw certificate data.
     with self.assertRaises(TypeError):
         stack[0] = self.cert1
     with self.assertRaises(TypeError):
         stack.append(self.cert1)
Exemplo n.º 16
def CMS(data, format="PEM"):
    """
    Parse CMS data and return the wrapper object for its content type.

    The input is read as PEM when format == "PEM" and as DER otherwise.
    The result is a SignedData, EnvelopedData or EncryptedData object.
    A parse failure raises CMSError; any other content type raises
    NotImplementedError.

    Parsing does not verify signatures or decrypt content, so the
    returned object still carries untrusted data.
    """
    bio = Membio(data)
    if format == "PEM":
        ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None)
    else:
        ptr = libcrypto.d2i_CMS_bio(bio.bio, None)
    if ptr is None:
        raise CMSError("Error parsing CMS data")
    kind = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))).shortname()
    # Map each supported content type to the class that wraps it.
    wrappers = {
        "pkcs7-signedData": SignedData,
        "pkcs7-envelopedData": EnvelopedData,
        "pkcs7-encryptedData": EncryptedData,
    }
    wrapper = wrappers.get(kind)
    if wrapper is None:
        raise NotImplementedError("cannot handle " + kind)
    return wrapper(ptr)
Exemplo n.º 17
 def test_fromunicode(self):
     """An Oid can be created from a unicode long name."""
     common_name = Oid(u'commonName')
     short = common_name.shortname()
     self.assertEqual(short, 'CN')
Exemplo n.º 18
 def test_extenson_find(self):
     """extensions.find() returns exactly the extensions with the given Oid."""
     certificate = X509(self.cert1)
     matches = certificate.extensions.find(Oid('subjectAltName'))
     # The fixture carries a single subjectAltName extension.
     self.assertEqual(len(matches), 1)
     self.assertEqual(matches[0].oid, Oid('subjectAltName'))
Exemplo n.º 19
 def test_extension_oid(self):
     """An extension's oid attribute is an Oid identifying the extension."""
     certificate = X509(self.cert1)
     first_extension = certificate.extensions[0]
     identifier = first_extension.oid
     self.assertTrue(isinstance(identifier, Oid))
     # In the fixture the first extension is basicConstraints.
     self.assertEqual(identifier, Oid('basicConstraints'))
Exemplo n.º 20
 def test_subjectfieldindex(self):
     """Integer indexing of a subject yields an (Oid, value) pair."""
     certificate = X509(self.cert1)
     first_field = repr(certificate.subject[0])
     expected = repr((Oid('C'), u'RU'))
     self.assertEqual(first_field, expected)
Exemplo n.º 21
 def test_subjectbadsubfield(self):
     """Looking up a field the subject does not contain raises KeyError."""
     certificate = X509(self.cert1)
     missing_field = Oid("streetAddress")
     with self.assertRaises(KeyError):
         certificate.subject[missing_field]
Exemplo n.º 22
 def test_subjectmodify(self):
     """The subject of a parsed certificate is read-only."""
     certificate = X509(self.cert1)
     # Neither overwriting nor deleting a field may succeed.
     with self.assertRaises(ValueError):
         certificate.subject[Oid("CN")] = u'Foo'
     with self.assertRaises(ValueError):
         del certificate.subject[Oid('CN')]
Exemplo n.º 23
 def test_wrongtype(self):
     """Constructing an Oid from a list is a TypeError."""
     components = [2, 5, 3, 4]
     with self.assertRaises(TypeError):
         Oid(components)
Exemplo n.º 24
 def test_wrongname(self):
     """An unknown name is rejected with ValueError."""
     unknown_name = "No such oid in the database"
     with self.assertRaises(ValueError):
         Oid(unknown_name)
Exemplo n.º 25
 def test_bignum(self):
     """A 32-character all-0xFF value exports the reference key in self.bigkey."""
     # NOTE(review): all-0xFF is numerically above the secp256k1 group order,
     # so this presumably pins how create() treats an out-of-range scalar.
     # Confirm against create().
     raw_value = '\xff' * 32
     key = create(Oid("secp256k1"), raw_value)
     exported = key.exportpriv()
     self.assertEqual(exported, self.bigkey)
Exemplo n.º 26
 def test_wrongnid(self):
     """A numeric id with no registered object is rejected with ValueError."""
     unknown_nid = 9999999
     with self.assertRaises(ValueError):
         Oid(unknown_nid)
Exemplo n.º 27
 def test_mac_wrongtype(self):
     """MAC() rejects a bare numeric id; the algorithm must be a name or Oid."""
     numeric_id = Oid('hmac').nid
     with self.assertRaises(TypeError):
         MAC(numeric_id, key=b'1234' * 4)
Exemplo n.º 28
 def test_wrongoid(self):
     """A dotted identifier that is not registered is rejected with ValueError."""
     unregistered = "1.2.3.4.5.6.7.8.10.111.1111"
     with self.assertRaises(ValueError):
         Oid(unregistered)
Exemplo n.º 29
 def test_hmac_byoid(self):
     """MAC accepts the hmac Oid and, with no digest given, reports hmac-md5."""
     mac = MAC(Oid('hmac'), key=b'1234' * 4)
     mac.update(b'The Quick brown fox jumps over the lazy dog\n')
     # This pins the md5 fallback used when no digest is passed. Callers that
     # want a different digest have to request it explicitly.
     self.assertEqual(mac.name, 'hmac-md5')
     self.assertEqual(mac.hexdigest(), 'A9C16D91CDF2A99273B72336D0D16B56')
Exemplo n.º 30
 def oid(self):
     """
     Return the cipher's ASN.1 object identifier wrapped in a
     ctypescrypto.oid.Oid object.
     """
     # libcrypto reports the cipher by numeric id; Oid wraps that id.
     cipher_nid = libcrypto.EVP_CIPHER_nid(self.cipher)
     return Oid(cipher_nid)