class AttributeTypeAndValue(Sequence):
schema = (
("type",
AttributeType(
defines=(((".", "value"), {
ObjectIdentifier("2.5.4.6"): PrintableString(),
ObjectIdentifier("2.5.4.8"): PrintableString(),
ObjectIdentifier("2.5.4.7"): PrintableString(),
ObjectIdentifier("2.5.4.10"): OrganizationName(),
ObjectIdentifier("2.5.4.3"): PrintableString(),
}), ))),
("value", AttributeValue()),
)
def test__parse_public_key_hash_raise(self):
pem_cert = self.crypto._parse_pem(valid_cert)
asn_cert = self.crypto._parse_asn_cert(pem_cert)
asn_cert["tbsCertificate"]["subjectPublicKeyInfo"]["algorithm"][
"parameters"] = Any(
GostR34102012PublicKeyParameters((
("publicKeyParamSet",
ObjectIdentifier("1.2.643.7.1.2.1.2.9999")),
("digestParamSet",
ObjectIdentifier("1.2.643.7.1.2.1.2.9999")),
)))
cert_new = b64encode(asn_cert.encode()).decode()
with self.assertRaises(CertNotValid):
self.crypto._parse_public_key_hash(
"-----BEGIN CERTIFICATE-----\n" + cert_new +
"\n-----END CERTIFICATE-----")
class EncryptionAlgorithmIdentifier(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(defines=(
(("parameters",), {id_pbes2: PBES2Params()}),
))),
("parameters", Any(optional=True)),
)
class PBES2Encs(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(defines=(
(("parameters",), {id_Gost28147_89: Gost2814789Parameters()}),
))),
("parameters", Any(optional=True)),
)
class PBES2KDFs(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(defines=(
(("parameters",), {id_pbkdf2: PBKDF2Params()}),
))),
("parameters", Any(optional=True)),
)
class AccessDescription(Sequence):
# AccessDescription ::= SEQUENCE {
# accessMethod OBJECT IDENTIFIER,
# accessLocation GeneralName }
schema = (
("accessMethod", ObjectIdentifier()),
("accessLocation", GeneralName()),
)
def test__get_curve_raise(self):
cert = self.crypto._parse_asn_tbs_cert(valid_cert)
cert["subjectPublicKeyInfo"]["algorithm"]["parameters"] = Any(
GostR34102012PublicKeyParameters(
(("publicKeyParamSet",
ObjectIdentifier("1.2.643.7.1.2.1.2.9999")), )))
with self.assertRaises(CertNotValid):
self.crypto._get_curve(cert)
class SafeBag(Sequence):
schema = (
("bagId", ObjectIdentifier(defines=(
(("bagValue",), {id_encryptedData: EncryptedData()}),
))),
("bagValue", PKCS12BagSet(expl=tag_ctxc(0))),
("bagAttributes", PKCS12Attributes(optional=True)),
)
class OtherName(Sequence):
# OtherName ::= SEQUENCE {
# type-id OBJECT IDENTIFIER,
# value [0] EXPLICIT ANY DEFINED BY type-id }
schema = (
("type-id", ObjectIdentifier()),
("value", Any(expl=tag_ctxc(0))),
)
class PrivateKeyAlgorithmIdentifier(Sequence):
schema = (
("algorithm",
ObjectIdentifier(defines=((
("parameters", ), {
id_tc26_gost3410_2012_256: GostR34102012PublicKeyParameters(),
id_tc26_gost3410_2012_512: GostR34102012PublicKeyParameters(),
}), ))),
("parameters", Any(optional=True)),
)
class GostR34102001TransportParameters(Sequence):
schema = (
("encryptionParamSet", ObjectIdentifier()),
("ephemeralPublicKey",
SubjectPublicKeyInfo(
impl=tag_ctxc(0),
optional=True,
)),
("ukm", OctetString()),
)
class AlgorithmIdentifier(Sequence):
# AlgorithmIdentifier ::= SEQUENCE {
# algorithm OBJECT IDENTIFIER,
# parameters ANY DEFINED BY algorithm OPTIONAL }
# -- contains a value of the type
# -- registered for use with the
# -- algorithm object identifier value
schema = (
("algorithm", ObjectIdentifier()),
("parameters", Any(optional=True)),
)
class ContentInfo(Sequence):
# ContentInfo ::= SEQUENCE {
# contentType ContentType,
# content [0] EXPLICIT ANY DEFINED BY contentType }
schema = (
("contentType",
ContentType(
defines=((("content", ), {
ObjectIdentifier("1.2.840.113549.1.7.2"): SignedData(),
}), ))),
("content", ANY(expl=tag_ctxc(0))),
)
class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
schema = (
("algorithm",
ObjectIdentifier(defines=(
(("..", "encryptedKey"), {
id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
}),
(("..", "recipientEncryptedKeys", any, "encryptedKey"), {
id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
}),
))),
("parameters", Any(optional=True)),
)
class Extension(Sequence):
# Extension ::= SEQUENCE {
# extnID OBJECT IDENTIFIER,
# critical BOOLEAN DEFAULT FALSE,
# extnValue OCTET STRING
# }
schema = (
("extnID",
ObjectIdentifier(
defines=((("extnValue", ), {
id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(),
id_ce_keyUsage: KeyUsage(),
id_ce_extKeyUsage: ExtKeyUsage(),
id_ce_cRLDistributionPoints: CRLDistributionPoints(),
id_pe_authorityInfoAccess: AuthorityInfoAccess(),
}), ))),
("critical", Boolean(default=False)),
("extnValue", OCTETSTRING()), # OctetString()),
)
class GeneralName(Choice):
# GeneralName ::= CHOICE {
# otherName [0] OtherName,
# rfc822Name [1] IA5String,
# dNSName [2] IA5String,
# x400Address [3] ORAddress,
# directoryName [4] Name,
# ediPartyName [5] EDIPartyName,
# uniformResourceIdentifier [6] IA5String,
# iPAddress [7] OCTET STRING,
# registeredID [8] OBJECT IDENTIFIER }
schema = (
("otherName", OtherName(impl=tag_ctxp(0))),
("rfc822Name", IA5String(impl=tag_ctxp(1))),
("dNSName", IA5String(impl=tag_ctxp(2))),
("x400Address", ORAddress(impl=tag_ctxp(3))),
("directoryName", Name(expl=tag_ctxp(4))),
("ediPartyName", EDIPartyName(impl=tag_ctxp(5))),
("uniformResourceIdentifier", IA5String(impl=tag_ctxp(6))),
("iPAddress", OctetString(impl=tag_ctxp(7))),
("registeredID", ObjectIdentifier(impl=tag_ctxp(8))),
)
class AlgorithmIdentifier(Sequence):
schema = (
("algorithm", ObjectIdentifier()),
("parameters", Any(optional=True)),
)
class Extension(Sequence):
schema = (
("extnID", ObjectIdentifier()),
("critical", Boolean(default=False)),
("extnValue", OctetString()),
)
class GostR34102012PublicKeyParameters(Sequence):
schema = (
("publicKeyParamSet", ObjectIdentifier()),
("digestParamSet", ObjectIdentifier(optional=True)),
)
from pyderasn import ObjectIdentifier
id_pkcs7 = ObjectIdentifier("1.2.840.113549.1.7")
id_data = id_pkcs7 + (1,)
id_signedData = id_pkcs7 + (2,)
id_envelopedData = id_pkcs7 + (3,)
id_digestedData = id_pkcs7 + (5,)
id_encryptedData = id_pkcs7 + (6,)
id_tc26_gost3410_2012_256 = ObjectIdentifier("1.2.643.7.1.1.1.1")
id_tc26_gost3410_2012_512 = ObjectIdentifier("1.2.643.7.1.1.1.2")
id_tc26_gost3411_2012_256 = ObjectIdentifier("1.2.643.7.1.1.2.2")
id_tc26_gost3411_2012_512 = ObjectIdentifier("1.2.643.7.1.1.2.3")
id_tc26_gost3410_2012_256_paramSetA = ObjectIdentifier("1.2.643.7.1.2.1.1.1")
id_tc26_gost3410_2012_256_paramSetB = ObjectIdentifier("1.2.643.7.1.2.1.1.2")
id_tc26_gost3410_2012_256_paramSetC = ObjectIdentifier("1.2.643.7.1.2.1.1.3")
id_tc26_gost3410_2012_256_paramSetD = ObjectIdentifier("1.2.643.7.1.2.1.1.4")
id_tc26_gost3410_2012_512_paramSetTest = ObjectIdentifier("1.2.643.7.1.2.1.2.0")
id_tc26_gost3410_2012_512_paramSetA = ObjectIdentifier("1.2.643.7.1.2.1.2.1")
id_tc26_gost3410_2012_512_paramSetB = ObjectIdentifier("1.2.643.7.1.2.1.2.2")
id_tc26_gost3410_2012_512_paramSetC = ObjectIdentifier("1.2.643.7.1.2.1.2.3")
id_tc26_signwithdigest_gost3410_2012_256 = ObjectIdentifier("1.2.643.7.1.1.3.2")
id_tc26_signwithdigest_gost3410_2012_512 = ObjectIdentifier("1.2.643.7.1.1.3.3")
id_tc26_gost_28147_param_Z = ObjectIdentifier("1.2.643.7.1.2.5.1.1")
id_Gost28147_89 = ObjectIdentifier("1.2.643.2.2.21")
id_GostR3410_2001_TestParamSet = ObjectIdentifier("1.2.643.2.2.35.0")
id_pbes2 = ObjectIdentifier("1.2.840.113549.1.5.13")
id_pbkdf2 = ObjectIdentifier("1.2.840.113549.1.5.12")
class Gost2814789Parameters(Sequence):
schema = (
("iv", Gost2814789IV()),
("encryptionParamSet", ObjectIdentifier()),
)
import pem as pem
from pygost import gost3410, gost34112012256, gost34112012512
from pygost.asn1schemas.prvkey import PrivateKeyInfo, PrivateKey
from pygost.asn1schemas.x509 import Certificate, AlgorithmIdentifier, GostR34102012PublicKeyParameters, \
SubjectPublicKeyInfo, TBSCertificate
from pyderasn import ObjectIdentifier, OctetString
from pygost.gost3410 import GOST3410Curve
from pygost.iface import PEP247
from sspvo import AbstractCrypto
from sspvo.errors import BadRequest, CertNotValid, KeyNotValid
oid_curve_names = {
ObjectIdentifier("1.2.643.2.2.35.1"):
"id-GostR3410-2001-CryptoPro-A-ParamSet",
ObjectIdentifier("1.2.643.2.2.35.2"):
"id-GostR3410-2001-CryptoPro-B-ParamSet",
ObjectIdentifier("1.2.643.2.2.35.3"):
"id-GostR3410-2001-CryptoPro-C-ParamSet",
ObjectIdentifier("1.2.643.2.2.36.0"):
"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
ObjectIdentifier("1.2.643.2.2.36.1"):
"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
ObjectIdentifier("1.2.643.7.1.2.1.1.1"):
"id-tc26-gost-3410-2012-256-paramSetA",
ObjectIdentifier("1.2.643.7.1.2.1.1.2"):
"id-tc26-gost-3410-2012-256-paramSetB",
ObjectIdentifier("1.2.643.7.1.2.1.1.3"):
"id-tc26-gost-3410-2012-256-paramSetC",
("encryptedData", OctetString()),
)
class PKCS8ShroudedKeyBag(EncryptedPrivateKeyInfo):
pass
class PBKDF2Salt(Choice):
schema = (
("specified", OctetString()),
# ("otherSource", PBKDF2SaltSources()),
)
id_hmacWithSHA1 = ObjectIdentifier("1.2.840.113549.2.7")
class PBKDF2PRFs(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)),
("parameters", Any(optional=True)),
)
class IterationCount(Integer):
bounds = (1, float("+inf"))
class KeyLength(Integer):
bounds = (1, float("+inf"))
class SafeBag(Sequence):
schema = (
("bagId", ObjectIdentifier()),
("bagValue", PKCS12BagSet(expl=tag_ctxc(0))),
("bagAttributes", PKCS12Attributes(optional=True)),
)
class PBKDF2PRFs(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)),
("parameters", Any(optional=True)),
)
class PBES2Encs(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier()),
("parameters", Any(optional=True)),
)
# -- Upper Bounds
ub_state_name = 128
ub_organization_name = 64
ub_organizational_name = 64
ub_title = 64
ub_serial_number = 64
ub_pseudonym = 128
ub_emailaddress_length = 255
ub_locality_name = 128
ub_common_name = 64
ub_name = 32768
# id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
id_at = ObjectIdentifier((2, 5, 4))
# -- Naming attributes of type X520name
# id-at-name AttributeType ::= { id-at 41 }
# id-at-surname AttributeType ::= { id-at 4 }
# id-at-givenName AttributeType ::= { id-at 42 }
# id-at-initials AttributeType ::= { id-at 43 }
# id-at-generationQualifier AttributeType ::= { id-at 44 }
id_at_name = AttributeType(id_at + (41, ))
id_at_surname = AttributeType(id_at + (4, ))
id_at_givenName = AttributeType(id_at + (42, ))
id_at_initials = AttributeType(id_at + (43, ))
id_at_generationQualifier = AttributeType(id_at + (44, ))
# -- Naming attributes of type X520Name:
class PKCS12Attribute(Sequence):
schema = (
("attrId", ObjectIdentifier()),
("attrValue", AttrValue()),
)
class Attribute(Sequence):
schema = (
("type", ObjectIdentifier()),
("values", AttributeValues()),
)
class ECParameters(Choice):
schema = (
("namedCurve", ObjectIdentifier()),
("implicitCurve", Null()),
# ("specifiedCurve", SpecifiedECDomain()),
)