示例#1
0
 def test_symmetric(self):
     for _ in range(1 << 8):
         kek = urandom(32)
         cek = urandom(32)
         ukm = urandom(8)
         wrapped = wrap_gost(ukm, kek, cek)
         unwrapped = unwrap_gost(kek, wrapped)
         self.assertEqual(unwrapped, cek)
示例#2
0
 def process_cms(
     self,
     content_info_raw,
     prv_key_our,
     curve_name,
     keker,
     plaintext_expected,
 ):
     sbox = "Gost28147_tc26_ParamZ"
     content_info, tail = ContentInfo().decode(content_info_raw)
     self.assertSequenceEqual(tail, b"")
     enveloped_data, tail = EnvelopedData().decode(
         bytes(content_info["content"]))
     self.assertSequenceEqual(tail, b"")
     eci = enveloped_data["encryptedContentInfo"]
     kari = enveloped_data["recipientInfos"][0]["kari"]
     pub_key_their, tail = OctetString().decode(
         bytes(kari["originator"]["originatorKey"]["publicKey"]), )
     self.assertSequenceEqual(tail, b"")
     ukm = bytes(kari["ukm"])
     rek = kari["recipientEncryptedKeys"][0]
     curve = GOST3410Curve(*CURVE_PARAMS[curve_name])
     kek = keker(curve, prv_key_our, bytes(pub_key_their), ukm)
     encrypted_key, tail = Gost2814789EncryptedKey().decode(
         bytes(rek["encryptedKey"]), )
     self.assertSequenceEqual(tail, b"")
     key_wrapped = bytes(encrypted_key["encryptedKey"])
     mac = bytes(encrypted_key["macKey"])
     cek = unwrap_gost(kek, ukm + key_wrapped + mac, sbox=sbox)
     ciphertext = bytes(eci["encryptedContent"])
     encryption_params, tail = Gost2814789Parameters().decode(
         bytes(eci["contentEncryptionAlgorithm"]["parameters"]))
     self.assertSequenceEqual(tail, b"")
     iv = bytes(encryption_params["iv"])
     self.assertSequenceEqual(
         cfb_decrypt(cek, ciphertext, iv, sbox=sbox, mesh=True),
         plaintext_expected,
     )
示例#3
0
 def test_invalid_length(self):
     with self.assertRaises(ValueError):
         unwrap_gost(urandom(32), urandom(41))
     with self.assertRaises(ValueError):
         unwrap_gost(urandom(32), urandom(45))
示例#4
0
 def process_cms(
     self,
     content_info_raw,
     prv_key_our,
     curve_name,
     keker,
     plaintext_expected,
 ):
     sbox = "id-tc26-gost-28147-param-Z"
     content_info, tail = ContentInfo().decode(
         content_info_raw,
         ctx={
             "defines_by_path": [(
                 (
                     "content",
                     DecodePathDefBy(id_envelopedData),
                     "recipientInfos",
                     any,
                     "kari",
                     "originator",
                     "originatorKey",
                     "algorithm",
                     "algorithm",
                 ),
                 ((
                     ("..", "publicKey"),
                     {
                         id_tc26_gost3410_2012_256: OctetString(),
                         id_tc26_gost3410_2012_512: OctetString(),
                     },
                 ), ),
             ) for _ in (
                 id_tc26_gost3410_2012_256,
                 id_tc26_gost3410_2012_512,
             )],
         })
     self.assertSequenceEqual(tail, b"")
     self.assertIsNotNone(content_info["content"].defined)
     _, enveloped_data = content_info["content"].defined
     eci = enveloped_data["encryptedContentInfo"]
     kari = enveloped_data["recipientInfos"][0]["kari"]
     self.assertIsNotNone(
         kari["originator"]["originatorKey"]["publicKey"].defined)
     _, pub_key_their = kari["originator"]["originatorKey"][
         "publicKey"].defined
     ukm = bytes(kari["ukm"])
     rek = kari["recipientEncryptedKeys"][0]
     curve = CURVES[curve_name]
     kek = keker(curve, prv_key_our, bytes(pub_key_their), ukm)
     self.assertIsNotNone(rek["encryptedKey"].defined)
     _, encrypted_key = rek["encryptedKey"].defined
     key_wrapped = bytes(encrypted_key["encryptedKey"])
     mac = bytes(encrypted_key["macKey"])
     cek = unwrap_gost(kek, ukm + key_wrapped + mac, sbox=sbox)
     ciphertext = bytes(eci["encryptedContent"])
     self.assertIsNotNone(
         eci["contentEncryptionAlgorithm"]["parameters"].defined)
     _, encryption_params = eci["contentEncryptionAlgorithm"][
         "parameters"].defined
     iv = bytes(encryption_params["iv"])
     self.assertSequenceEqual(
         cfb_decrypt(cek, ciphertext, iv, sbox=sbox, mesh=True),
         plaintext_expected,
     )