def test_cn(self): o=Oid("2.5.4.3") self.assertEqual(repr(o),"Oid('2.5.4.3')") self.assertEqual(o.dotted(),"2.5.4.3") self.assertEqual(str(o),"2.5.4.3") self.assertEqual(o.shortname(),"CN") self.assertEqual(o.longname(),"commonName")
def CMS(data, format="PEM"): """ Factory function to create CMS objects from received messages. Parses CMS data and returns either SignedData or EnvelopedData object. format argument can be either "PEM" or "DER". It determines object type from the contents of received CMS structure. """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) if ptr is None: raise CMSError("Error parsing CMS data") typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle "+typeoid.shortname())
def test_createfromoid(self): oid = Oid('sha256') d = digest.DigestType(oid) self.assertEqual(d.digest_size, 32) self.assertEqual(d.block_size, 64) self.assertEqual(d.oid, Oid("sha256")) self.assertEqual(d.name, 'sha256')
def test_subjectfields(self): c = X509(self.cert1) self.assertEqual(c.subject[Oid("C")], "RU") with self.assertRaises(TypeError): x = c.subject["CN"] self.assertEqual(c.subject[Oid("L")], u'\u041c\u043e\u0441\u043a\u0432\u0430')
def __init__(self, algorithm, key, digest=None, **kwargs): """ Constructor has to obligatory arguments: @param algorithm - which is name of MAC algorithm i.e 'hmac' or 'gost-mac' or equivalent Oid object @param key - byte buffer with key. Optional parameters are: digest - Oid or name of the digest algorithm to use. If none specified, OpenSSL will try to derive one from the MAC algorithm (or if algorithm is hmac, we'll substititute md5 for compatibility with standard hmac module any other keyword argument is passed to EVP_PKEY_CTX as string option. """ if isinstance(algorithm, str): self.algorithm = Oid(algorithm) elif isinstance(algorithm, Oid): self.algorithm = algorithm else: raise TypeError("Algorthm must be string or Oid") if self.algorithm == Oid('hmac') and digest is None: digest = 'md5' self.name = self.algorithm.shortname().lower() if digest is not None: self.digest_type = DigestType(digest) self.name += '-' + self.digest_type.digest_name d = self.digest_type.digest else: self.digest_type = None d = None self.key = libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid, None, key, len(key)) if self.key is None: raise DigestError("EVP_PKEY_new_mac_key") pctx = c_void_p() self.ctx = libcrypto.EVP_MD_CTX_create() if self.ctx == 0: raise DigestError("Unable to create digest context") if libcrypto.EVP_DigestSignInit(self.ctx, pointer(pctx), d, None, self.key) <= 0: raise DigestError("Unable to intialize digest context") self.digest_finalized = False if self.digest_type is None: self.digest_type = DigestType( Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx)))) for (name, val) in kwargs.items(): if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx, name, val) <= 0: raise DigestError("Unable to set mac parameter") self.digest_size = self.digest_type.digest_size self.block_size = self.digest_type.block_size
def testLookup(self): d='1.2.643.100.3' sn="SNILS" long_name="Russian Pension security number" o=create(d,sn,long_name) x=Oid(sn) self.assertEqual(o,x)
def testLookup(self): d='1.2.643.9.100.99' sn="CtypesCryptoTestOid" long_name="Test Oid In CryptoCom Namespace" o=create(d,sn,long_name) x=Oid(sn) self.assertEqual(o,x)
def testCleanup(self): d='1.2.643.100.3' sn="SNILS" long_name="Russian Pension security number" o=create(d,sn,long_name) cleanup() with self.assertRaises(ValueError): x=Oid(sn)
def testFromObj(self): from ctypescrypto import libcrypto from ctypes import c_int, c_char_p, c_void_p libcrypto.OBJ_txt2obj.argtypes = (c_char_p, c_int) libcrypto.OBJ_txt2obj.restype = c_void_p obj = libcrypto.OBJ_txt2obj("1.2.643.100.9", 1) oid = Oid.fromobj(obj) self.assertEqual(str(oid), '1.2.643.100.9')
def test_keyone(self): key = create( Oid("secp256k1"), b16decode( "2A71BA9DEA99BC1F7C104BAEC671EC7EFF8BFF969BB8D346DB4C3352A4699DC3", True)) out = key.exportpriv() self.assertEqual(out, self.ec1priv)
def test_createfromEVP_MD(self): d1 = digest.DigestType("sha256") d2 = digest.DigestType(None) with self.assertRaises(AttributeError): s = d2.name d2.digest = d1.digest self.assertEqual(d2.digest_size, 32) self.assertEqual(d2.block_size, 64) self.assertEqual(d2.oid, Oid("sha256")) self.assertEqual(d2.name, 'sha256')
def CMS(data, format="PEM"): """ Parses CMS data and returns either SignedData or EnvelopedData object """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle "+typeoid.shortname())
def test_bignum(self): keyval = b'\xff' * 32 key = create(Oid("secp256k1"), keyval) keyblob = key.exportpriv() if pyver > 2: keyblob = keyblob.encode("ascii") self.assertEqual(dump_key(keyblob), dump_key(self.bigkey)) keyblob2 = str(key) if pyver > 2: keyblob2 = keyblob2.encode('ascii') self.assertEqual(keyblob2, dump_pub_key(self.bigkey))
def test_certstack1(self): l = [] l.append(X509(self.cert1)) self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер') l.append(X509(self.ca_cert)) l.append(X509(self.digicert_cert)) stack = StackOfX509(certs=l) self.assertEqual(len(stack), 3) self.assertTrue(isinstance(stack[1], X509)) self.assertEqual(unicode(stack[0].subject[Oid('CN')]), u'Виктор Вагнер') with self.assertRaises(IndexError): c = stack[-1] with self.assertRaises(IndexError): c = stack[3] del stack[1] self.assertEqual(len(stack), 2) self.assertEqual(unicode(stack[0].subject[Oid('CN')]), u'Виктор Вагнер') self.assertEqual(unicode(stack[1].subject[Oid('CN')]), u'DigiCert High Assurance EV CA-1')
def CMS(data, format="PEM"): """ Factory function to create CMS objects from received messages. Parses CMS data and returns either SignedData or EnvelopedData object. format argument can be either "PEM" or "DER". It determines object type from the contents of received CMS structure. """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) if ptr is None: raise CMSError("Error parsing CMS data") typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle " + typeoid.shortname())
def __init__(self,algorithm,key,digest=None,**kwargs): """ Constructor has to obligatory arguments: @param algorithm - which is name of MAC algorithm i.e 'hmac' or 'gost-mac' or equivalent Oid object @param key - byte buffer with key. Optional parameters are: digest - Oid or name of the digest algorithm to use. If none specified, OpenSSL will try to derive one from the MAC algorithm (or if algorithm is hmac, we'll substititute md5 for compatibility with standard hmac module any other keyword argument is passed to EVP_PKEY_CTX as string option. """ if isinstance(algorithm,str): self.algorithm=Oid(algorithm) elif isinstance(algorithm,Oid): self.algorithm=algorithm else: raise TypeError("Algorthm must be string or Oid") if self.algorithm==Oid('hmac') and digest is None: digest='md5' self.name=self.algorithm.shortname().lower() if digest is not None: self.digest_type=DigestType(digest) self.name+='-'+self.digest_type.digest_name d=self.digest_type.digest else: self.digest_type=None d=None self.key=libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid,None,key,len(key)) if self.key is None: raise DigestError("EVP_PKEY_new_mac_key") pctx=c_void_p() self.ctx = libcrypto.EVP_MD_CTX_create() if self.ctx == 0: raise DigestError("Unable to create digest context") if libcrypto.EVP_DigestSignInit(self.ctx,pointer(pctx),d,None,self.key) <= 0: raise DigestError("Unable to intialize digest context") self.digest_finalized=False if self.digest_type is None: self.digest_type=DigestType(Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx)))) for (name,val) in kwargs.items(): if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx,name,val)<=0: raise DigestError("Unable to set mac parameter") self.digest_size = self.digest_type.digest_size() self.block_size = self.digest_type.block_size()
def test_certstack3(self): l = [] l.append(X509(self.cert1)) self.assertEqual(unicode(l[0].subject[Oid('CN')]), u'Виктор Вагнер') l.append(X509(self.ca_cert)) l.append(X509(self.digicert_cert)) stack = StackOfX509(certs=l) stack2 = StackOfX509(ptr=stack.ptr, disposable=False) with self.assertRaises(ValueError): stack3 = StackOfX509(ptr=stack.ptr, certs=l) with self.assertRaises(ValueError): stack2[1] = l[0] with self.assertRaises(ValueError): stack2.append(l[0])
def test_keyone(self): key = create( Oid("secp256k1"), b16decode( "2A71BA9DEA99BC1F7C104BAEC671EC7EFF8BFF969BB8D346DB4C3352A4699DC3", True)) out = key.exportpriv() if pyver > 2: out = out.encode("ascii") self.assertEqual(dump_key(out), dump_key(self.ec1priv)) if pyver == 2: self.assertEqual(str(key), dump_pub_key(self.ec1priv)) else: self.assertEqual( str(key).encode("ascii"), dump_pub_key(self.ec1priv))
def test_certstack2(self): stack = StackOfX509() stack.append(X509(self.cert1)) stack.append(X509(self.ca_cert)) c = stack[1] stack[1] = X509(self.digicert_cert) self.assertEqual(len(stack), 2) self.assertEqual(unicode(stack[1].subject[Oid('CN')]), u'DigiCert High Assurance EV CA-1') with self.assertRaises(IndexError): stack[-1] = c with self.assertRaises(IndexError): stack[3] = c with self.assertRaises(TypeError): stack[0] = self.cert1 with self.assertRaises(TypeError): stack.append(self.cert1)
def __getitem__(self, key): if isinstance(key, Oid): # Return first matching field idx = libcrypto.X509_NAME_get_index_by_NID(self.ptr, key.nid, -1) if idx < 0: raise KeyError("Key not found " + str(Oid)) entry = libcrypto.X509_NAME_get_entry(self.ptr, idx) value = libcrypto.X509_NAME_ENTRY_get_data(entry) bio = Membio() libcrypto.ASN1_STRING_print_ex(bio.bio, value, self.PRINT_FLAG) return chartype(bio) elif isinstance(key, inttype): # Return OID, string tuple entry = libcrypto.X509_NAME_get_entry(self.ptr, key) if entry is None: raise IndexError("name entry index out of range") oid = Oid.fromobj(libcrypto.X509_NAME_ENTRY_get_object(entry)) value = libcrypto.X509_NAME_ENTRY_get_data(entry) bio = Membio() libcrypto.ASN1_STRING_print_ex(bio.bio, value, self.PRINT_FLAG) return (oid, chartype(bio)) else: raise TypeError("X509 NAME can be indexed by Oids or integers only")
def CMS(data, format="PEM"): """ Parses CMS data and returns either SignedData or EnvelopedData object """ bio = Membio(data) if format == "PEM": ptr = libcrypto.PEM_read_bio_CMS(bio.bio, None, None, None) else: ptr = libcrypto.d2i_CMS_bio(bio.bio, None) if ptr is None: raise CMSError("Error parsing CMS data") typeoid = Oid(libcrypto.OBJ_obj2nid(libcrypto.CMS_get0_type(ptr))) if typeoid.shortname() == "pkcs7-signedData": return SignedData(ptr) elif typeoid.shortname() == "pkcs7-envelopedData": return EnvelopedData(ptr) elif typeoid.shortname() == "pkcs7-encryptedData": return EncryptedData(ptr) else: raise NotImplementedError("cannot handle " + typeoid.shortname())
def test_extension_oid(self): cert = X509(self.cert1) ext = cert.extensions[0] ext_id = ext.oid self.assertTrue(isinstance(ext_id, Oid)) self.assertEqual(ext_id, Oid('basicConstraints'))
def test_subjectfieldindex(self): c = X509(self.cert1) self.assertEqual(repr(c.subject[0]), repr((Oid('C'), u'RU')))
def test_subjectbadsubfield(self): c = X509(self.cert1) with self.assertRaises(KeyError): x = c.subject[Oid("streetAddress")]
def test_subjectmodify(self): c = X509(self.cert1) with self.assertRaises(ValueError): c.subject[Oid("CN")] = u'Foo' with self.assertRaises(ValueError): del c.subject[Oid('CN')]
def test_hmac_byoid(self): d = MAC(Oid('hmac'), key=b'1234' * 4) d.update(b'The Quick brown fox jumps over the lazy dog\n') self.assertEqual(d.name, 'hmac-md5') self.assertEqual(d.hexdigest(), 'A9C16D91CDF2A99273B72336D0D16B56')
def test_bignum(self): keyval = '\xff' * 32 key = create(Oid("secp256k1"), keyval) self.assertEqual(key.exportpriv(), self.bigkey)
def test_wrongtype(self): with self.assertRaises(TypeError): o=Oid([2,5,3,4])
def oid(self): "Returns OID of the extension" return Oid.fromobj(self.ptr[0].object)
def oid(self): """ Returns ASN.1 object identifier of the cipher as ctypescrypto.oid.Oid object """ return Oid(libcrypto.EVP_CIPHER_nid(self.cipher))
def test_fromunicode(self): o=Oid(u'commonName') self.assertEqual(o.shortname(),'CN')
def test_extenson_find(self): cert = X509(self.cert1) exts = cert.extensions.find(Oid('subjectAltName')) self.assertEqual(len(exts), 1) self.assertEqual(exts[0].oid, Oid('subjectAltName'))
def test_mac_wrongtype(self): with self.assertRaises(TypeError): d = MAC(Oid('hmac').nid, key=b'1234' * 4)
def test_wrongnid(self): with self.assertRaises(ValueError): o=Oid(9999999)
class MAC(Digest): """ This object represents MAC context. It is quite simular to digest algorithm. It is simular to hmac objects provided by standard library """ def __init__(self,algorithm,key,digest=None,**kwargs): """ Constructor has to obligatory arguments: @param algorithm - which is name of MAC algorithm i.e 'hmac' or 'gost-mac' or equivalent Oid object @param key - byte buffer with key. Optional parameters are: digest - Oid or name of the digest algorithm to use. If none specified, OpenSSL will try to derive one from the MAC algorithm (or if algorithm is hmac, we'll substititute md5 for compatibility with standard hmac module any other keyword argument is passed to EVP_PKEY_CTX as string option. """ if isinstance(algorithm,str): self.algorithm=Oid(algorithm) elif isinstance(algorithm,Oid): self.algorithm=algorithm else: raise TypeError("Algorthm must be string or Oid") if self.algorithm==Oid('hmac') and digest is None: digest='md5' self.name=self.algorithm.shortname().lower() if digest is not None: self.digest_type=DigestType(digest) self.name+='-'+self.digest_type.digest_name d=self.digest_type.digest else: self.digest_type=None d=None self.key=libcrypto.EVP_PKEY_new_mac_key(self.algorithm.nid,None,key,len(key)) if self.key is None: raise DigestError("EVP_PKEY_new_mac_key") pctx=c_void_p() self.ctx = libcrypto.EVP_MD_CTX_create() if self.ctx == 0: raise DigestError("Unable to create digest context") if libcrypto.EVP_DigestSignInit(self.ctx,pointer(pctx),d,None,self.key) <= 0: raise DigestError("Unable to intialize digest context") self.digest_finalized=False if self.digest_type is None: self.digest_type=DigestType(Oid(libcrypto.EVP_MD_type(libcrypto.EVP_MD_CTX_md(self.ctx)))) for (name,val) in kwargs.items(): if libcrypto.EVP_PKEY_CTX_ctrl_str(pctx,name,val)<=0: raise DigestError("Unable to set mac parameter") self.digest_size = self.digest_type.digest_size() self.block_size = self.digest_type.block_size() def digest(self,data=None): """ Method digest is redefined to return keyed MAC value instead of just digest. """ if data is not None: self.update(data) b=create_string_buffer(256) size=c_size_t(256) if libcrypto.EVP_DigestSignFinal(self.ctx,b,pointer(size))<=0: raise DigestError('SignFinal') self.digest_finalized=True return b.raw[:size.value]
def oid(self): return Oid.fromobj(self.ptr[0].object)