class AttributeTypeAndValue(Sequence): schema = ( ("type", AttributeType( defines=(((".", "value"), { ObjectIdentifier("2.5.4.6"): PrintableString(), ObjectIdentifier("2.5.4.8"): PrintableString(), ObjectIdentifier("2.5.4.7"): PrintableString(), ObjectIdentifier("2.5.4.10"): OrganizationName(), ObjectIdentifier("2.5.4.3"): PrintableString(), }), ))), ("value", AttributeValue()), )
def test__parse_public_key_hash_raise(self): pem_cert = self.crypto._parse_pem(valid_cert) asn_cert = self.crypto._parse_asn_cert(pem_cert) asn_cert["tbsCertificate"]["subjectPublicKeyInfo"]["algorithm"][ "parameters"] = Any( GostR34102012PublicKeyParameters(( ("publicKeyParamSet", ObjectIdentifier("1.2.643.7.1.2.1.2.9999")), ("digestParamSet", ObjectIdentifier("1.2.643.7.1.2.1.2.9999")), ))) cert_new = b64encode(asn_cert.encode()).decode() with self.assertRaises(CertNotValid): self.crypto._parse_public_key_hash( "-----BEGIN CERTIFICATE-----\n" + cert_new + "\n-----END CERTIFICATE-----")
class EncryptionAlgorithmIdentifier(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(defines=( (("parameters",), {id_pbes2: PBES2Params()}), ))), ("parameters", Any(optional=True)), )
class PBES2Encs(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(defines=( (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}), ))), ("parameters", Any(optional=True)), )
class PBES2KDFs(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(defines=( (("parameters",), {id_pbkdf2: PBKDF2Params()}), ))), ("parameters", Any(optional=True)), )
class AccessDescription(Sequence): # AccessDescription ::= SEQUENCE { # accessMethod OBJECT IDENTIFIER, # accessLocation GeneralName } schema = ( ("accessMethod", ObjectIdentifier()), ("accessLocation", GeneralName()), )
def test__get_curve_raise(self): cert = self.crypto._parse_asn_tbs_cert(valid_cert) cert["subjectPublicKeyInfo"]["algorithm"]["parameters"] = Any( GostR34102012PublicKeyParameters( (("publicKeyParamSet", ObjectIdentifier("1.2.643.7.1.2.1.2.9999")), ))) with self.assertRaises(CertNotValid): self.crypto._get_curve(cert)
class SafeBag(Sequence): schema = ( ("bagId", ObjectIdentifier(defines=( (("bagValue",), {id_encryptedData: EncryptedData()}), ))), ("bagValue", PKCS12BagSet(expl=tag_ctxc(0))), ("bagAttributes", PKCS12Attributes(optional=True)), )
class OtherName(Sequence): # OtherName ::= SEQUENCE { # type-id OBJECT IDENTIFIER, # value [0] EXPLICIT ANY DEFINED BY type-id } schema = ( ("type-id", ObjectIdentifier()), ("value", Any(expl=tag_ctxc(0))), )
class PrivateKeyAlgorithmIdentifier(Sequence): schema = ( ("algorithm", ObjectIdentifier(defines=(( ("parameters", ), { id_tc26_gost3410_2012_256: GostR34102012PublicKeyParameters(), id_tc26_gost3410_2012_512: GostR34102012PublicKeyParameters(), }), ))), ("parameters", Any(optional=True)), )
class GostR34102001TransportParameters(Sequence): schema = ( ("encryptionParamSet", ObjectIdentifier()), ("ephemeralPublicKey", SubjectPublicKeyInfo( impl=tag_ctxc(0), optional=True, )), ("ukm", OctetString()), )
class AlgorithmIdentifier(Sequence): # AlgorithmIdentifier ::= SEQUENCE { # algorithm OBJECT IDENTIFIER, # parameters ANY DEFINED BY algorithm OPTIONAL } # -- contains a value of the type # -- registered for use with the # -- algorithm object identifier value schema = ( ("algorithm", ObjectIdentifier()), ("parameters", Any(optional=True)), )
class ContentInfo(Sequence): # ContentInfo ::= SEQUENCE { # contentType ContentType, # content [0] EXPLICIT ANY DEFINED BY contentType } schema = ( ("contentType", ContentType( defines=((("content", ), { ObjectIdentifier("1.2.840.113549.1.7.2"): SignedData(), }), ))), ("content", ANY(expl=tag_ctxc(0))), )
class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(defines=( (("..", "encryptedKey"), { id_tc26_gost3410_2012_256: GostR3410KeyTransport(), id_tc26_gost3410_2012_512: GostR3410KeyTransport(), }), (("..", "recipientEncryptedKeys", any, "encryptedKey"), { id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(), id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(), }), ))), ("parameters", Any(optional=True)), )
class Extension(Sequence): # Extension ::= SEQUENCE { # extnID OBJECT IDENTIFIER, # critical BOOLEAN DEFAULT FALSE, # extnValue OCTET STRING # } schema = ( ("extnID", ObjectIdentifier( defines=((("extnValue", ), { id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(), id_ce_keyUsage: KeyUsage(), id_ce_extKeyUsage: ExtKeyUsage(), id_ce_cRLDistributionPoints: CRLDistributionPoints(), id_pe_authorityInfoAccess: AuthorityInfoAccess(), }), ))), ("critical", Boolean(default=False)), ("extnValue", OCTETSTRING()), # OctetString()), )
class GeneralName(Choice): # GeneralName ::= CHOICE { # otherName [0] OtherName, # rfc822Name [1] IA5String, # dNSName [2] IA5String, # x400Address [3] ORAddress, # directoryName [4] Name, # ediPartyName [5] EDIPartyName, # uniformResourceIdentifier [6] IA5String, # iPAddress [7] OCTET STRING, # registeredID [8] OBJECT IDENTIFIER } schema = ( ("otherName", OtherName(impl=tag_ctxp(0))), ("rfc822Name", IA5String(impl=tag_ctxp(1))), ("dNSName", IA5String(impl=tag_ctxp(2))), ("x400Address", ORAddress(impl=tag_ctxp(3))), ("directoryName", Name(expl=tag_ctxp(4))), ("ediPartyName", EDIPartyName(impl=tag_ctxp(5))), ("uniformResourceIdentifier", IA5String(impl=tag_ctxp(6))), ("iPAddress", OctetString(impl=tag_ctxp(7))), ("registeredID", ObjectIdentifier(impl=tag_ctxp(8))), )
class AlgorithmIdentifier(Sequence): schema = ( ("algorithm", ObjectIdentifier()), ("parameters", Any(optional=True)), )
class Extension(Sequence): schema = ( ("extnID", ObjectIdentifier()), ("critical", Boolean(default=False)), ("extnValue", OctetString()), )
class GostR34102012PublicKeyParameters(Sequence): schema = ( ("publicKeyParamSet", ObjectIdentifier()), ("digestParamSet", ObjectIdentifier(optional=True)), )
from pyderasn import ObjectIdentifier id_pkcs7 = ObjectIdentifier("1.2.840.113549.1.7") id_data = id_pkcs7 + (1,) id_signedData = id_pkcs7 + (2,) id_envelopedData = id_pkcs7 + (3,) id_digestedData = id_pkcs7 + (5,) id_encryptedData = id_pkcs7 + (6,) id_tc26_gost3410_2012_256 = ObjectIdentifier("1.2.643.7.1.1.1.1") id_tc26_gost3410_2012_512 = ObjectIdentifier("1.2.643.7.1.1.1.2") id_tc26_gost3411_2012_256 = ObjectIdentifier("1.2.643.7.1.1.2.2") id_tc26_gost3411_2012_512 = ObjectIdentifier("1.2.643.7.1.1.2.3") id_tc26_gost3410_2012_256_paramSetA = ObjectIdentifier("1.2.643.7.1.2.1.1.1") id_tc26_gost3410_2012_256_paramSetB = ObjectIdentifier("1.2.643.7.1.2.1.1.2") id_tc26_gost3410_2012_256_paramSetC = ObjectIdentifier("1.2.643.7.1.2.1.1.3") id_tc26_gost3410_2012_256_paramSetD = ObjectIdentifier("1.2.643.7.1.2.1.1.4") id_tc26_gost3410_2012_512_paramSetTest = ObjectIdentifier("1.2.643.7.1.2.1.2.0") id_tc26_gost3410_2012_512_paramSetA = ObjectIdentifier("1.2.643.7.1.2.1.2.1") id_tc26_gost3410_2012_512_paramSetB = ObjectIdentifier("1.2.643.7.1.2.1.2.2") id_tc26_gost3410_2012_512_paramSetC = ObjectIdentifier("1.2.643.7.1.2.1.2.3") id_tc26_signwithdigest_gost3410_2012_256 = ObjectIdentifier("1.2.643.7.1.1.3.2") id_tc26_signwithdigest_gost3410_2012_512 = ObjectIdentifier("1.2.643.7.1.1.3.3") id_tc26_gost_28147_param_Z = ObjectIdentifier("1.2.643.7.1.2.5.1.1") id_Gost28147_89 = ObjectIdentifier("1.2.643.2.2.21") id_GostR3410_2001_TestParamSet = ObjectIdentifier("1.2.643.2.2.35.0") id_pbes2 = ObjectIdentifier("1.2.840.113549.1.5.13") id_pbkdf2 = ObjectIdentifier("1.2.840.113549.1.5.12")
class Gost2814789Parameters(Sequence): schema = ( ("iv", Gost2814789IV()), ("encryptionParamSet", ObjectIdentifier()), )
import pem as pem from pygost import gost3410, gost34112012256, gost34112012512 from pygost.asn1schemas.prvkey import PrivateKeyInfo, PrivateKey from pygost.asn1schemas.x509 import Certificate, AlgorithmIdentifier, GostR34102012PublicKeyParameters, \ SubjectPublicKeyInfo, TBSCertificate from pyderasn import ObjectIdentifier, OctetString from pygost.gost3410 import GOST3410Curve from pygost.iface import PEP247 from sspvo import AbstractCrypto from sspvo.errors import BadRequest, CertNotValid, KeyNotValid oid_curve_names = { ObjectIdentifier("1.2.643.2.2.35.1"): "id-GostR3410-2001-CryptoPro-A-ParamSet", ObjectIdentifier("1.2.643.2.2.35.2"): "id-GostR3410-2001-CryptoPro-B-ParamSet", ObjectIdentifier("1.2.643.2.2.35.3"): "id-GostR3410-2001-CryptoPro-C-ParamSet", ObjectIdentifier("1.2.643.2.2.36.0"): "id-GostR3410-2001-CryptoPro-XchA-ParamSet", ObjectIdentifier("1.2.643.2.2.36.1"): "id-GostR3410-2001-CryptoPro-XchB-ParamSet", ObjectIdentifier("1.2.643.7.1.2.1.1.1"): "id-tc26-gost-3410-2012-256-paramSetA", ObjectIdentifier("1.2.643.7.1.2.1.1.2"): "id-tc26-gost-3410-2012-256-paramSetB", ObjectIdentifier("1.2.643.7.1.2.1.1.3"): "id-tc26-gost-3410-2012-256-paramSetC",
("encryptedData", OctetString()), ) class PKCS8ShroudedKeyBag(EncryptedPrivateKeyInfo): pass class PBKDF2Salt(Choice): schema = ( ("specified", OctetString()), # ("otherSource", PBKDF2SaltSources()), ) id_hmacWithSHA1 = ObjectIdentifier("1.2.840.113549.2.7") class PBKDF2PRFs(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)), ("parameters", Any(optional=True)), ) class IterationCount(Integer): bounds = (1, float("+inf")) class KeyLength(Integer): bounds = (1, float("+inf"))
class SafeBag(Sequence): schema = ( ("bagId", ObjectIdentifier()), ("bagValue", PKCS12BagSet(expl=tag_ctxc(0))), ("bagAttributes", PKCS12Attributes(optional=True)), )
class PBKDF2PRFs(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)), ("parameters", Any(optional=True)), )
class PBES2Encs(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier()), ("parameters", Any(optional=True)), )
# -- Upper Bounds ub_state_name = 128 ub_organization_name = 64 ub_organizational_name = 64 ub_title = 64 ub_serial_number = 64 ub_pseudonym = 128 ub_emailaddress_length = 255 ub_locality_name = 128 ub_common_name = 64 ub_name = 32768 # id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } id_at = ObjectIdentifier((2, 5, 4)) # -- Naming attributes of type X520name # id-at-name AttributeType ::= { id-at 41 } # id-at-surname AttributeType ::= { id-at 4 } # id-at-givenName AttributeType ::= { id-at 42 } # id-at-initials AttributeType ::= { id-at 43 } # id-at-generationQualifier AttributeType ::= { id-at 44 } id_at_name = AttributeType(id_at + (41, )) id_at_surname = AttributeType(id_at + (4, )) id_at_givenName = AttributeType(id_at + (42, )) id_at_initials = AttributeType(id_at + (43, )) id_at_generationQualifier = AttributeType(id_at + (44, )) # -- Naming attributes of type X520Name:
class PKCS12Attribute(Sequence): schema = ( ("attrId", ObjectIdentifier()), ("attrValue", AttrValue()), )
class Attribute(Sequence): schema = ( ("type", ObjectIdentifier()), ("values", AttributeValues()), )
class ECParameters(Choice): schema = ( ("namedCurve", ObjectIdentifier()), ("implicitCurve", Null()), # ("specifiedCurve", SpecifiedECDomain()), )