def test_error_stack(self):
enc = asn1.Encoder()
enc.start()
assert_raises(asn1.Error, enc.leave)
enc.enter(asn1.Numbers.Sequence)
assert_raises(asn1.Error, enc.output)
enc.leave()
assert_raises(asn1.Error, enc.leave)
def test_context(self):
enc = asn1.Encoder()
enc.start()
enc.enter(1, asn1.Classes.Context)
enc.write(1)
enc.leave()
res = enc.output()
assert res == b'\xa1\x03\x02\x01\x01'
def test_private(self):
enc = asn1.Encoder()
enc.start()
enc.enter(1, asn1.Classes.Private)
enc.write(1)
enc.leave()
res = enc.output()
assert res == b'\xe1\x03\x02\x01\x01'
def test_long_tag_id(self):
enc = asn1.Encoder()
enc.start()
enc.enter(0xffff)
enc.write(1)
enc.leave()
res = enc.output()
assert res == b'\x3f\x83\xff\x7f\x03\x02\x01\x01'
def test_application(self):
enc = asn1.Encoder()
enc.start()
enc.enter(1, asn1.Classes.Application)
enc.write(1)
enc.leave()
res = enc.output()
assert res == b'\x61\x03\x02\x01\x01'
def test_sequence(self):
enc = asn1.Encoder()
enc.start()
enc.enter(asn1.Numbers.Sequence)
enc.write(1)
enc.write(b'foo')
enc.leave()
res = enc.output()
assert res == b'\x30\x08\x02\x01\x01\x04\x03foo'
def test_set(self):
enc = asn1.Encoder()
enc.start()
enc.enter(asn1.Set)
enc.write(1)
enc.write('foo')
enc.leave()
res = enc.output()
assert res == '\x31\x08\x02\x01\x01\x04\x03foo'
def assert_encode_decode(v, t):
encoder = asn1.Encoder()
encoder.start()
encoder.write(v, t)
encoded_bytes = encoder.output()
decoder = asn1.Decoder()
decoder.start(encoded_bytes)
tag, value = decoder.read()
assert value == v
def test_set_of(self):
enc = asn1.Encoder()
enc.start()
enc.enter(asn1.Set)
enc.write(1)
enc.write(2)
enc.leave()
res = enc.output()
assert res == '\x31\x06\x02\x01\x01\x02\x01\x02'
def test_sequence_of(self):
enc = asn1.Encoder()
enc.start()
enc.enter(asn1.Numbers.Sequence)
enc.write(1)
enc.write(2)
enc.leave()
res = enc.output()
assert res == b'\x30\x06\x02\x01\x01\x02\x01\x02'
def der_encode_privkey(privkey, curve):
# encode key, curve to ASN1 DER format
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
# privkey
encoder.write(_int_to_bebytes(privkey), asn1.Numbers.OctetString)
_der_encode_curve(curve, encoder)
encoder.leave()
return encoder.output()
def test_error_object_identifier(self):
enc = asn1.Encoder()
enc.start()
assert_raises(asn1.Error, enc.write, '1', asn1.ObjectIdentifier)
assert_raises(asn1.Error, enc.write, '40.2.3', asn1.ObjectIdentifier)
assert_raises(asn1.Error, enc.write, '1.40.3', asn1.ObjectIdentifier)
assert_raises(asn1.Error, enc.write, '1.2.3.', asn1.ObjectIdentifier)
assert_raises(asn1.Error, enc.write, '.1.2.3', asn1.ObjectIdentifier)
assert_raises(asn1.Error, enc.write, 'foo', asn1.ObjectIdentifier)
assert_raises(asn1.Error, enc.write, 'foo.bar', asn1.ObjectIdentifier)
def der_encode_pubkey(pubkey, curve):
# encode key, curve to ASN1 DER format
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
# pubkey
encoder.write(pubkey.compressed(), asn1.Numbers.OctetString)
# curve
_der_encode_curve(curve, encoder)
encoder.leave()
return encoder.output()
def generate(pk_algorithm,
sig_algorithm,
filename,
signing_key,
type="sign",
ca=False,
pathlen=4):
filename = filename.lower()
set_up_algorithm(pk_algorithm, type)
(pk, sk) = get_keys(type, pk_algorithm)
write_pem(f"{filename}.pub", b"PUBLIC KEY",
public_key_der(pk_algorithm, pk))
write_pem(f"{filename}.key", b"PRIVATE KEY",
private_key_der(pk_algorithm, sk))
with open(f"{filename}.pub.bin", "wb") as publickeyfile:
publickeyfile.write(pk)
with open(f"{filename}.key.bin", "wb") as secretkeyfile:
secretkeyfile.write(sk)
set_up_sign_algorithm(sig_algorithm)
encoder = asn1.Encoder()
encoder.start()
# SEQUENCE of three things
# Certificate ::= SEQUENCE {
# tbsCertificate TBSCertificate,
# signatureAlgorithm AlgorithmIdentifier,
# signatureValue BIT STRING }
encoder.enter(asn1.Numbers.Sequence) # Certificate
write_tbs_certificate(encoder,
pk_algorithm,
sig_algorithm,
pk,
is_ca=ca,
pathlen=pathlen)
# Write signature algorithm
write_signature_algorithm(encoder, sig_algorithm)
write_signature(encoder,
pk_algorithm,
sig_algorithm,
pk,
signing_key,
is_ca=ca,
pathlen=pathlen)
encoder.leave() # Leave Certificate SEQUENCE
with open(f"{filename}.crt.bin", "wb") as file_:
file_.write(encoder.output())
write_pem(f"{filename}.crt", b"CERTIFICATE", encoder.output())
def encodeClient_p_r_ta(
p,
r,
t_a
):
asn1_encoder = asn1.Encoder()
asn1_encoder.start()
# Sequence HEADER
asn1_encoder.enter(asn1.Numbers.Sequence)
#Key set
asn1_encoder.enter(asn1.Numbers.Set)
# Sequence_2 start
asn1_encoder.enter(asn1.Numbers.Sequence)
# 0x80070200 - Месси-Омуры
asn1_encoder.write(b'\x80\x07\x02\x00', asn1.Numbers.OctetString)
asn1_encoder.write(b'mo', asn1.Numbers.UTF8String)
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.leave()
#
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.write(p, asn1.Numbers.Integer)
asn1_encoder.write(r, asn1.Numbers.Integer)
asn1_encoder.leave()
asn1_encoder.leave()
#
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.write(t_a, asn1.Numbers.Integer)
asn1_encoder.leave()
# Sequence_2 end
asn1_encoder.leave()
# Set_1 end
asn1_encoder.leave()
#
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.leave()
# Sequence HEADER end
# asn1_encoder.leave()
return asn1_encoder.output()
def GOSTencodeSign(xq, yq, prime, A, B, xp, yp, q, r, s):
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
encoder.enter(asn1.Numbers.Set)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(b'\x80\x06\x07\x00', asn1.Numbers.OctetString)
encoder.write(b'gostSignKey', asn1.Numbers.UTF8String)
encoder.enter(asn1.Numbers.Sequence) # Open key
encoder.write(xq, asn1.Numbers.Integer)
encoder.write(yq, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence) # cryptosystem params
encoder.enter(asn1.Numbers.Sequence) # field params
encoder.write(prime, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence) # curve params
encoder.write(A, asn1.Numbers.Integer)
encoder.write(B, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence) # points generator
encoder.write(xp, asn1.Numbers.Integer)
encoder.write(yp, asn1.Numbers.Integer)
encoder.leave()
encoder.write(q, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence) # sign
encoder.write(r, asn1.Numbers.Integer)
encoder.write(s, asn1.Numbers.Integer)
encoder.leave()
encoder.leave()
encoder.leave()
encoder.enter(asn1.Numbers.Sequence) # file params
encoder.leave()
encoder.leave()
return encoder.output()
def der_encode_ecelgamal_ctxt(ctext, curve):
# encode key, curve to ASN1 DER format
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
# C
encoder.write(ctext.C.compressed(), asn1.Numbers.OctetString)
# D
encoder.write(ctext.D.compressed(), asn1.Numbers.OctetString)
# curve
_der_encode_curve(curve, encoder)
encoder.leave()
return encoder.output()
def der_encode_message(pubkey, nonce, ctext):
# encode key, curve to ASN1 DER format
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
# pubkey
encoder.write(pubkey.compressed(), asn1.Numbers.OctetString)
# nonce
encoder.write(nonce, asn1.Numbers.OctetString)
# ciphertext
encoder.write(ctext, asn1.Numbers.OctetString)
encoder.leave()
return encoder.output()
def encode_sign(
mod, # mod - n
exp, # exp - e
sign_RSA):
asn1_encoder = asn1.Encoder()
asn1_encoder.start()
# Sequence_1 start
asn1_encoder.enter(asn1.Numbers.Sequence)
# Set_1 start
asn1_encoder.enter(asn1.Numbers.Set)
# Sequence_2 start
asn1_encoder.enter(asn1.Numbers.Sequence)
# \x00\x06 - RSA-SHA1
asn1_encoder.write(b'\x00\x40', asn1.Numbers.OctetString)
asn1_encoder.write(b'RSASignature ', asn1.Numbers.UTF8String)
#
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.write(mod, asn1.Numbers.Integer)
asn1_encoder.write(exp, asn1.Numbers.Integer)
asn1_encoder.leave()
#
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.leave()
#
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.write(sign_RSA, asn1.Numbers.Integer)
asn1_encoder.leave()
# Sequence_2 start
asn1_encoder.leave()
# Set_1 end
asn1_encoder.leave()
# Additional data
asn1_encoder.enter(asn1.Numbers.Sequence)
asn1_encoder.leave()
# Sequence_1 end
asn1_encoder.leave()
return asn1_encoder.output()
def test_long_object_identifier(self):
enc = asn1.Encoder()
enc.start()
enc.write('39.2.3', asn1.ObjectIdentifier)
res = enc.output()
assert res == '\x06\x03\x8c\x1a\x03'
enc.start()
enc.write('1.39.3', asn1.ObjectIdentifier)
res = enc.output()
assert res == '\x06\x02\x4f\x03'
enc.start()
enc.write('1.2.300000', asn1.ObjectIdentifier)
res = enc.output()
assert res == '\x06\x04\x2a\x92\xa7\x60'
def RSAencode(
n,
e,
c, # encrypted aes256 key
len,
encrypted):
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence
) # Start of sequence_1 -- main sequence of metadata
encoder.enter(asn1.Numbers.Set) # Start of set_1 -- set of RSA keys
encoder.enter(
asn1.Numbers.Sequence) # Start of sequence_2 -- first RSA key
encoder.write(b'\x00\x01', asn1.Numbers.OctetString) # RSA identifier
encoder.write(b'\x0C\x00',
asn1.Numbers.UTF8String) # ID of the key (empty)
encoder.enter(asn1.Numbers.Sequence
) # Start of sequence_3 -- sequence of e and n of RSA
encoder.write(n, asn1.Numbers.Integer)
encoder.write(e, asn1.Numbers.Integer)
encoder.leave() # End of sequence_3
encoder.enter(
asn1.Numbers.Sequence
) # Cryptographic parameters, not used in RSA, because parameter n is a part of open key
encoder.leave()
encoder.enter(asn1.Numbers.Sequence
) # Start of sequence_4 -- sequence of RSA encrypted data
encoder.write(c, asn1.Numbers.Integer)
encoder.leave()
encoder.leave() # End of sequence_2
encoder.leave() # End of set_1
encoder.enter(asn1.Numbers.Sequence
) # Start of sequence_5 -- sequence of additional data
encoder.write(b'\x10\x82', asn1.Numbers.OctetString) # AES CBC identifier
encoder.write(len, asn1.Numbers.Integer) # len of the ciphertext
encoder.leave()
encoder.leave() # End of sequence_1
encoder.write(encrypted)
return encoder.output()
def test_big_negative_numbers(self):
for v in \
(
-668929531791034950848739021124816874,
-667441897913742713771034596334288035,
-664674827807729028941298133900846368,
-666811959353093594446621165172641478,
):
encoder = asn1.Encoder()
encoder.start()
encoder.write(v, asn1.Numbers.Integer)
encoded_bytes = encoder.output()
decoder = asn1.Decoder()
decoder.start(encoded_bytes)
tag, value = decoder.read()
assert value == v
def encode_signature(Q, prime, curve, P, group_order, signature_r, signature_s, ksi):
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
encoder.enter(asn1.Numbers.Set)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(b'\\x80\\x06\\x07\\x00', asn1.Numbers.OctetString)
encoder.write(b'GOST 34.10-2018', asn1.Numbers.UTF8String)
# Public key Q(x,y)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(Q.x, asn1.Numbers.Integer) # Qx
encoder.write(Q.y, asn1.Numbers.Integer) # Qy
encoder.leave()
# Cryptosystem parameters
encoder.enter(asn1.Numbers.Sequence)
encoder.write(prime, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence)
encoder.write(curve.a, asn1.Numbers.Integer) # A parameter
encoder.write(curve.b, asn1.Numbers.Integer) # B parameter
encoder.leave()
# P(x,y)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(P.x, asn1.Numbers.Integer) # Px
encoder.write(P.y, asn1.Numbers.Integer) # Py
encoder.leave()
# Group order (r)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(group_order, asn1.Numbers.Integer)
encoder.leave()
encoder.leave()
# Sugnature
encoder.enter(asn1.Numbers.Sequence)
encoder.write(signature_r, asn1.Numbers.Integer)
# First part of signature (r)
encoder.write(signature_s, asn1.Numbers.Integer)
# Second part of signature (s)
encoder.leave()
encoder.leave()
# Files parameters
encoder.enter(asn1.Numbers.Sequence)
encoder.leave()
encoder.leave()
encoded_bytes = encoder.output()
return encoded_bytes
def test_twos_complement_boundaries(self):
enc = asn1.Encoder()
enc.start()
enc.write(127)
res = enc.output()
assert res == '\x02\x01\x7f'
enc.start()
enc.write(128)
res = enc.output()
assert res == '\x02\x02\x00\x80'
enc.start()
enc.write(-128)
res = enc.output()
assert res == '\x02\x01\x80'
enc.start()
enc.write(-129)
res = enc.output()
assert res == '\x02\x02\xff\x7f'
def ELGencodeSign(
prime, # p
r, # r
generator, # a
w,
s,
b):
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
encoder.enter(asn1.Numbers.Set)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(b'\x80\x06', asn1.Numbers.OctetString)
# encoder.write(b'\x02\x00', asn1.Numbers.OctetString)
encoder.write(b'ELG Sign', asn1.Numbers.UTF8String)
encoder.enter(asn1.Numbers.Sequence)
encoder.write(b, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence)
encoder.write(prime, asn1.Numbers.Integer)
encoder.write(r, asn1.Numbers.Integer)
encoder.write(generator, asn1.Numbers.Integer)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence)
encoder.write(w, asn1.Numbers.Integer)
encoder.write(s, asn1.Numbers.Integer)
encoder.leave()
encoder.leave()
encoder.leave()
encoder.enter(asn1.Numbers.Sequence)
encoder.leave()
encoder.leave()
return encoder.output()
def __bytes__(self):
if self.data is None:
return py23_bytes()
b = b""
encoder = asn1.Encoder()
encoder.start()
for name, value in list(self.data.items()):
if name == "operations":
for operation in value:
if isinstance(value, string_types):
b = py23_bytes(operation, 'utf-8')
else:
b = py23_bytes(operation)
encoder.write(b, asn1.Numbers.OctetString)
elif name != "signatures":
if isinstance(value, string_types):
b = py23_bytes(value, 'utf-8')
else:
b = py23_bytes(value)
encoder.write(b, asn1.Numbers.OctetString)
return encoder.output()
def Enc_DER(self, M, interval, lam=None):
"""Enc is the encryption function which takes a single element
and encrypts it using the encryption key for specific interval.
Enc_DER produces output in ASN.1 DER binary format
"""
ctraw = self._enc(M, interval, lam)
encoder = asn1.Encoder()
encoder.start()
encoder.enter(asn1.Numbers.Sequence)
encoder.enter(asn1.Numbers.Sequence)
for c in ctraw[:-1]:
byteval = unhexlify(str(c))
encoder.write(byteval, asn1.Numbers.OctetString)
encoder.leave()
encoder.enter(asn1.Numbers.Sequence)
Md = ctraw[-1]
for n in range(0, 2):
byteval = self._byterep_q(Md[n])
encoder.write(byteval, asn1.Numbers.OctetString)
encoder.leave()
encoder.leave()
return encoder.output()
def privateKeyToDER(self, interval):
encoder = asn1.Encoder()
encoder.start()
# enter privkey
encoder.enter(asn1.Numbers.Sequence)
# encode pubkey to stream
self._publicKeyDEREncode(encoder)
# enter secrets
encoder.enter(asn1.Numbers.Sequence)
keyset = self._exportKeyset(interval)
if keyset is None:
return None
for k in keyset:
# enter key
encoder.enter(asn1.Numbers.Sequence)
address, ckey = k[0], k[1]
# enter address
encoder.enter(asn1.Numbers.Sequence)
# write depth, ordinal
encoder.write(address[0], asn1.Numbers.Integer)
encoder.write(address[1], asn1.Numbers.Integer)
# leave address
encoder.leave()
# enter Rw list
encoder.enter(asn1.Numbers.Sequence)
for r in ckey[0]:
# write Rw
encoder.write(unhexlify(str(r)), asn1.Numbers.OctetString)
# leave Rw list
encoder.leave()
# write S
encoder.write(unhexlify(str(ckey[1])), asn1.Numbers.OctetString)
# leave key
encoder.leave()
# leave secrets
encoder.leave()
# leave privkey
encoder.leave()
return encoder.output()
def encode_file_signature(Q, p, curve, P, q, r, s):
struct = asn1.Encoder()
struct.start()
struct.enter(asn1.Numbers.Sequence)
struct.enter(asn1.Numbers.Set)
struct.enter(asn1.Numbers.Sequence)
struct.write(b'\x00\x06\x07\x00', asn1.Numbers.OctetString)
struct.write(b'gostSignKey', asn1.Numbers.UTF8String)
struct.enter(asn1.Numbers.Sequence)
struct.write(Q.x, asn1.Numbers.Integer)
struct.write(Q.y, asn1.Numbers.Integer)
struct.leave()
struct.enter(asn1.Numbers.Sequence)
struct.write(p, asn1.Numbers.Integer)
struct.leave()
struct.enter(asn1.Numbers.Sequence)
struct.write(curve.a, asn1.Numbers.Integer)
struct.write(curve.b, asn1.Numbers.Integer)
struct.leave()
struct.enter(asn1.Numbers.Sequence)
struct.write(P.x, asn1.Numbers.Integer)
struct.write(P.y, asn1.Numbers.Integer)
struct.leave()
struct.write(q, asn1.Numbers.Integer)
struct.leave()
struct.enter(asn1.Numbers.Sequence)
struct.write(r, asn1.Numbers.Integer)
struct.write(s, asn1.Numbers.Integer)
struct.leave()
struct.leave()
struct.enter(asn1.Numbers.Sequence)
struct.leave()
struct.leave()
return struct.output()
def _generate_dn_hash(dn: str):
"""
Given a DN one-liner as commonly encoded in the grid world
(e.g., output of `openssl x509 -in $FILE -noout -subject`), run
the OpenSSL subject hash generation algorithm.
This is done by calculating the SHA-1 sum of the canonical form of the
X509 certificate's subject. Formatting is a bit like this:
SEQUENCE:
SET:
SEQUENCE:
OID
UTF8String
All the UTF-8 values should be converted to lower-case and multiple
spaces should be replaced with a single space. That is, "Foo Bar"
should be substituted with "foo bar" for the canonical form.
"""
encoder = asn1.Encoder()
encoder.start()
info = __dn_split_re.split(dn)[1:]
for attr, val in zip(info[0::2], info[1::2]):
oid = __oid_map.get(attr)
if not oid:
raise ValueError("OID for attribute {} is not known.".format(attr))
encoder.enter(0x11)
encoder.enter(0x10)
encoder.write(oid, 0x06)
encoder.write(val.lower().encode("utf-8"), 0x0c)
encoder.leave()
encoder.leave()
output = encoder.output()
hash_obj = hashlib.sha1()
hash_obj.update(output)
digest = hash_obj.digest()
int_summary = digest[0] | digest[1] << 8 | digest[2] << 16 | digest[3] << 24
return "%08lx.0" % int_summary
