def test_sign(self):
signer=PKey(privkey=self.ec1priv)
digest=b16decode("FFCA2587CFD4846E4CB975B503C9EB940F94566AA394E8BD571458B9DA5097D5")
signature=signer.sign(digest)
self.assertTrue(len(signature)>0)
verifier=PKey(pubkey=self.ec1pub)
self.assertTrue(verifier.verify(digest,signature))
def test_generate_ec(self):
templkey=PKey(pubkey=self.ec1pub)
newkey=PKey.generate("ec",paramsfrom=templkey)
self.assertIsNotNone(newkey.key)
s=str(newkey)
self.assertEqual(s[:s.find("\n")],"Public-Key: (256 bit)")
self.assertNotEqual(str(templkey),str(newkey))
def test_export_priv_encrypt(self):
from ctypescrypto.cipher import CipherType
key=PKey(privkey=self.rsa)
pem=key.exportpriv(password='******',cipher=CipherType("aes256"))
if pyver >2:
pem = pem.encode("ascii")
self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-passin","pass:2222"],
pem),self.rsakeytext)
def test_export_priv_der_enc(self):
from ctypescrypto.cipher import CipherType
key = PKey(privkey=self.rsa)
der = key.exportpriv(format="DER",
password='******',
cipher=CipherType("aes256"))
self.assertEqual(
runopenssl(["pkcs8", "-passin", "pass:2222", "-inform", "DER"],
der), self.rsa)
def test_export_priv_encrypt(self):
from ctypescrypto.cipher import CipherType
key = PKey(privkey=self.rsa)
pem = key.exportpriv(password='******', cipher=CipherType("aes256"))
if pyver > 2:
pem = pem.encode("ascii")
self.assertEqual(
runopenssl(["pkey", "-text_pub", "-noout", "-passin", "pass:2222"],
pem), self.rsakeytext)
def test_generate_ec(self):
templkey=PKey(pubkey=self.ec1pub)
newkey=PKey.generate("ec",paramsfrom=templkey)
self.assertIsNotNone(newkey.key)
s=str(newkey)
self.assertEqual(s[:s.find("\n")],"Public-Key: (256 bit)")
self.assertNotEqual(str(templkey),str(newkey))
def create(curve, data):
"""
Creates EC keypair from the just secret key and curve name
@param curve - name of elliptic curve
@param num - byte array or long number representing key
"""
ec_key = libcrypto.EC_KEY_new_by_curve_name(curve.nid)
if ec_key is None:
raise PKeyError("EC_KEY_new_by_curvename")
group = libcrypto.EC_KEY_get0_group(ec_key)
if group is None:
raise PKeyError("EC_KEY_get0_group")
libcrypto.EC_GROUP_set_asn1_flag(group, 1)
raw_key = libcrypto.BN_new()
if isinstance(data, int):
libcrypto.BN_hex2bn(byref(raw_key), hex(data))
else:
if raw_key is None:
raise PKeyError("BN_new")
if libcrypto.BN_bin2bn(data, len(data), raw_key) is None:
raise PKeyError("BN_bin2bn")
ctx = libcrypto.BN_CTX_new()
if ctx is None:
raise PKeyError("BN_CTX_new")
order = libcrypto.BN_new()
if order is None:
raise PKeyError("BN_new")
priv_key = libcrypto.BN_new()
if priv_key is None:
raise PKeyError("BN_new")
if libcrypto.EC_GROUP_get_order(group, order, ctx) <= 0:
raise PKeyError("EC_GROUP_get_order")
if libcrypto.BN_nnmod(priv_key, raw_key, order, ctx) <= 0:
raise PKeyError("BN_nnmod")
if libcrypto.EC_KEY_set_private_key(ec_key, priv_key) <= 0:
raise PKeyError("EC_KEY_set_private_key")
pub_key = libcrypto.EC_POINT_new(group)
if pub_key is None:
raise PKeyError("EC_POINT_new")
if libcrypto.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx) <= 0:
raise PKeyError("EC_POINT_mul")
if libcrypto.EC_KEY_set_public_key(ec_key, pub_key) <= 0:
raise PKeyError("EC_KEY_set_public_key")
libcrypto.BN_free(raw_key)
libcrypto.BN_free(order)
libcrypto.BN_free(priv_key)
libcrypto.BN_CTX_free(ctx)
pkey = libcrypto.EVP_PKEY_new()
if pkey is None:
raise PKeyError("EVP_PKEY_new")
if libcrypto.EVP_PKEY_set1_EC_KEY(pkey, ec_key) <= 0:
raise PKeyError("EVP_PKEY_set1_EC_KEY")
libcrypto.EC_KEY_free(ec_key)
return PKey(ptr=pkey, cansign=True)
def private_key(self, key_id, ui_method = None, ui_data=None):
from ctypescrypto.pkey import PKey
if ui_method is None:
ui_ptr = libcrypto.UI_OpenSSL()
else:
ui_ptr = ui_method.ptr
pkey = libcrypto.ENGINE_load_private_key(self.ptr, key_id, ui_ptr,
ui_data)
if pkey is None:
raise LibCryptoError("Cannot load private key")
return PKey(ptr=pkey, cansign=True)
def test_sign(self):
signer=PKey(privkey=self.ec1priv)
digest=b16decode("FFCA2587CFD4846E4CB975B503C9EB940F94566AA394E8BD571458B9DA5097D5")
signature=signer.sign(digest)
self.assertTrue(len(signature)>0)
verifier=PKey(pubkey=self.ec1pub)
self.assertTrue(verifier.verify(digest,signature))
def sign(message, key, cert, detached=True):
"""Sign a a given message."""
# FIXME
if not detached:
raise NotImplementedError()
signed = MIMEMultipart('signed',
micalg='sha-256',
protocol='application/pkcs7-signature')
signed.preamble = SIGNED_PREAMBLE
signed.attach(message)
cann = message.as_bytes().replace(b'\n', b'\r\n')
key, certstack = PKey(privkey=key.encode()), parse_pem(cert)
flags = Flags.DETACHED + Flags.BINARY
cms = SignedData.create(cann,
certstack[-1],
key,
flags=flags,
certs=certstack[:-1])
signature = MIMEApplication(cms,
'pkcs7-signature',
encode_cms,
name='smime.p7s')
signature.add_header('Content-Disposition',
'attachment',
filename='smime.p7s')
signed.attach(signature)
return signed
def test_export_priv_der(self):
key = PKey(privkey=self.rsa)
der = key.exportpriv(format="DER")
self.assertEqual(
runopenssl(["pkey", "-text_pub", "-noout", "-inform", "DER"], der),
self.rsakeytext)
def test_export_priv_pem(self):
key=PKey(privkey=self.ec1priv)
out=key.exportpriv()
self.assertEqual(self.ec1priv,out)
def test_encrypted_der_pkcs8(self):
pkcs8der = pem2der(self.pkcs8crypt)
key = PKey(privkey=pkcs8der, password=self.password, format="DER")
self.assertIsNotNone(key.key)
self.assertEqual(str(key), self.rsakeytext)
def test_generate_params(self):
newkey=PKey.generate("rsa",rsa_keygen_bits=2048)
self.assertIsNotNone(newkey.key)
s=str(newkey)
self.assertEqual(s[:s.find("\n")],"Public-Key: (2048 bit)")
def pubkey(self):
"""EVP PKEy object of certificate public key"""
return PKey(ptr=libcrypto.X509_get_pubkey(self.cert, False))
def test_encryped_pem_pkcs8(self):
key = PKey(privkey=self.pkcs8crypt, password=self.password)
self.assertIsNotNone(key.key)
self.assertEqual(str(key), self.rsakeytext)
def test_unencrypted_pem(self):
key=PKey(privkey=self.rsa)
self.assertIsNotNone(key.key)
self.assertEqual(str(key),self.rsakeytext)
def test_export_priv_pem(self):
key=PKey(privkey=self.ec1priv)
out=key.exportpriv()
self.assertEqual(self.ec1priv,out)
def test_unencrypted_pem_ec(self):
key = PKey(privkey=self.ec1priv)
self.assertIsNotNone(key.key)
self.assertEqual(re.sub("pub: \n", "pub:\n", str(key)),
self.ec1keytext)
def test_generate_params(self):
newkey=PKey.generate("rsa",rsa_keygen_bits=2048)
self.assertIsNotNone(newkey.key)
s=str(newkey)
self.assertEqual(s[:s.find("\n")],"Public-Key: (2048 bit)")
def test_generate(self):
newkey=PKey.generate("rsa")
self.assertIsNotNone(newkey.key)
s=str(newkey)
self.assertEqual(s[:s.find("\n")],"Public-Key: (1024 bit)")
def test_export_priv_der(self):
key=PKey(privkey=self.rsa)
der=key.exportpriv(format="DER")
self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-inform","DER"],
der),self.rsakeytext)
def test_pubkey_pem(self):
key=PKey(pubkey=self.ec1pub)
self.assertIsNotNone(key.key)
self.assertEqual(str(key),self.ec1keytext)
def test_export_priv_der_enc(self):
from ctypescrypto.cipher import CipherType
key=PKey(privkey=self.rsa)
der=key.exportpriv(format="DER",password='******',cipher=CipherType("aes256"))
self.assertEqual(runopenssl(["pkcs8","-passin","pass:2222","-inform","DER"],
der),self.rsa)
def test_pubkey_der(self):
key=PKey(pubkey=pem2der(self.ec1pub),format="DER")
self.assertIsNotNone(key.key)
self.assertEqual(str(key),self.ec1keytext)
def test_generate(self):
newkey=PKey.generate("rsa")
self.assertIsNotNone(newkey.key)
s=str(newkey)
self.assertEqual(s[:s.find("\n")],"Public-Key: (1024 bit)")
def test_compare(self):
key1=PKey(privkey=self.ec1priv)
self.assertIsNotNone(key1.key)
key2=PKey(pubkey=self.ec1pub)
self.assertIsNotNone(key2.key)
self.assertEqual(key1,key2)
def test_unencrypted_pem_ec(self):
key=PKey(privkey=self.ec1priv)
self.assertIsNotNone(key.key)
self.assertEqual(str(key),self.ec1keytext)
def test_pubkey_pem(self):
key = PKey(pubkey=self.ec1pub)
self.assertIsNotNone(key.key)
self.assertEqual(re.sub("pub: \n", "pub:\n", str(key)),
self.ec1keytext)
def test_unencrypted_der_ec(self):
key=PKey(privkey=pem2der(self.ec1priv),format="DER")
self.assertIsNotNone(key.key)
self.assertEqual(str(key),self.ec1keytext)
def test_encrypted_pem_cb(self):
cb = lambda x: self.password
key = PKey(privkey=self.rsaenc, password=cb)
self.assertIsNotNone(key.key)
self.assertEqual(str(key), self.rsakeytext)
