author | Will Bond <will@wbond.net> | 2019-09-21 07:33:02 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-21 07:33:02 -0400 |
commit | f855b33b3d64bbf5e1b9e8ae53e54eede1b8bcc7 (patch) | |
tree | cabc9e3be69b86fd6516c75b32dd81b9f873deea | |
parent | 14d80d98b00da88abf9c2d31c768f2b7bc78ce72 (diff) | |
parent | 86873734b57a695eddc28d32e72240e9ca57dff4 (diff) | |
download | asn1crypto-f855b33b3d64bbf5e1b9e8ae53e54eede1b8bcc7.tar.gz |
Merge pull request #138 from space88man/rsassa_pss
keys.py: add RSASSA_PSS OIDs from RFC4055
-rw-r--r-- | asn1crypto/keys.py | 9 | ||||
-rw-r--r-- | tests/fixtures/keys/test-public-rsapss-der.key | bin | 0 -> 292 bytes | |||
-rw-r--r-- | tests/fixtures/keys/test-public-rsapss.key | 9 | ||||
-rw-r--r-- | tests/fixtures/keys/test-rsapss-der.key | bin | 0 -> 1216 bytes | |||
-rw-r--r-- | tests/fixtures/keys/test-rsapss.crt | 20 | ||||
-rw-r--r-- | tests/fixtures/keys/test-rsapss.key | 28 | ||||
-rw-r--r-- | tests/test_keys.py | 88 | ||||
-rw-r--r-- | tests/test_x509.py | 5 |
8 files changed, 159 insertions, 0 deletions
diff --git a/asn1crypto/keys.py b/asn1crypto/keys.py index 91cf7c6..3d447e3 100644 --- a/asn1crypto/keys.py +++ b/asn1crypto/keys.py @@ -40,6 +40,7 @@ from .core import ( SetOf, ) from .util import int_from_bytes, int_to_bytes +from asn1crypto.algos import RSASSAPSSParams class OtherPrimeInfo(Sequence): @@ -593,6 +594,8 @@ class PrivateKeyAlgorithmId(ObjectIdentifier): _map = { # https://tools.ietf.org/html/rfc3279#page-19 '1.2.840.113549.1.1.1': 'rsa', + # https://tools.ietf.org/html/rfc4055#page-8 + '1.2.840.113549.1.1.10': 'rsassa_pss', # https://tools.ietf.org/html/rfc3279#page-18 '1.2.840.10040.4.1': 'dsa', # https://tools.ietf.org/html/rfc3279#page-13 @@ -615,6 +618,7 @@ class PrivateKeyAlgorithm(_ForceNullParameters, Sequence): _oid_specs = { 'dsa': DSAParams, 'ec': ECDomainParameters, + 'rsassa_pss': RSASSAPSSParams, } @@ -634,6 +638,7 @@ class PrivateKeyInfo(Sequence): algorithm = self['private_key_algorithm']['algorithm'].native return { 'rsa': RSAPrivateKey, + 'rsassa_pss': RSAPrivateKey, 'dsa': Integer, 'ec': ECPrivateKey, }[algorithm] @@ -938,6 +943,8 @@ class PublicKeyAlgorithmId(ObjectIdentifier): '1.2.840.113549.1.1.1': 'rsa', # https://tools.ietf.org/html/rfc3447#page-47 '1.2.840.113549.1.1.7': 'rsaes_oaep', + # https://tools.ietf.org/html/rfc4055#page-8 + '1.2.840.113549.1.1.10': 'rsassa_pss', # https://tools.ietf.org/html/rfc3279#page-18 '1.2.840.10040.4.1': 'dsa', # https://tools.ietf.org/html/rfc3279#page-13 @@ -964,6 +971,7 @@ class PublicKeyAlgorithm(_ForceNullParameters, Sequence): 'ec': ECDomainParameters, 'dh': DomainParameters, 'rsaes_oaep': RSAESOAEPParams, + 'rsassa_pss': RSASSAPSSParams, } @@ -983,6 +991,7 @@ class PublicKeyInfo(Sequence): return { 'rsa': RSAPublicKey, 'rsaes_oaep': RSAPublicKey, + 'rsassa_pss': RSAPublicKey, 'dsa': Integer, # We override the field spec with ECPoint so that users can easily # decompose the byte string into the constituent X and Y coords 
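Review bot: The added `from asn1crypto.algos import RSASSAPSSParams` in the first hunk is an absolute import, while the two context lines directly above it are package-relative (`from .core import (` and `from .util import int_from_bytes, int_to_bytes`). If this package is vendored or installed under a different top-level name, the absolute form resolves to whichever `asn1crypto` is first on the path, so the key structures and the PSS parameter structure could come from two different copies. I would write it as `from .algos import RSASSAPSSParams`, or fold the name into an existing `.algos` import if the file has one outside this hunk.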
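Review bot: The `'rsassa_pss': RSASSAPSSParams` entry added to `_oid_specs` in the `PrivateKeyAlgorithm` hunk, and the identical one in the `PublicKeyAlgorithm` hunk, carries no comment saying what parameters on a key mean. Under RFC 4055, parameters present on an RSASSA-PSS key restrict the hash, mask generation function and salt length allowed with that key, and absent parameters mean no restriction. As far as these hunks show, the module only parses the structure, so enforcing the restriction is left to the caller. I would add above each entry: `# RFC 4055: if present, these restrict hash/MGF/salt length for this key; callers must enforce them`.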
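Review bot: Only the key-structure lookup in the `PrivateKeyInfo` hunk (`'rsassa_pss': RSAPrivateKey`) and its counterpart in the `PublicKeyInfo` hunk (`'rsassa_pss': RSAPublicKey`) learn the new algorithm name. Any other member of these two classes that compares the algorithm against `'rsa'` is outside the hunks and untouched by this commit. If such members exist (size or fingerprint helpers would be the likely candidates), an RSASSA-PSS key would take the non-RSA branch there. Each of those comparisons should be checked and, where needed, changed to something like `if self.algorithm in ('rsa', 'rsassa_pss'):`. Both enclosing functions start and end outside the visible hunks.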
diff --git a/tests/fixtures/keys/test-public-rsapss-der.key b/tests/fixtures/keys/test-public-rsapss-der.key Binary files differnew file mode 100644 index 0000000..c7937be --- /dev/null +++ b/tests/fixtures/keys/test-public-rsapss-der.key diff --git a/tests/fixtures/keys/test-public-rsapss.key b/tests/fixtures/keys/test-public-rsapss.key new file mode 100644 index 0000000..8e9a068 --- /dev/null +++ b/tests/fixtures/keys/test-public-rsapss.key @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAKEVLWOTtyNDiAZXb8NqFwmB +PWVmm9mDMTNaptwozSd6OQXPJcXzu8zpwCwWdk3QehrWca3nN0qXN6Hq+pEVjD6/ +QQRMxBQwJeHfTuh8Ci4nz8Xw7gMxR2k36kK01pN/6pdW2S4c4a1Zut7g9zbYIH9U +U1jHMPcqP3I6zBrW5WO5n4XoH5ME+xpIlMJLWCd4X8/xSY2IhY0/ssYCnPLvMqGj +Opw6nwurdPH9zwQvzE8K++8OtfmTQDBUyf4w861qiYjCCdBnj7sjCnTWFggKg9Tt +ot5xPF7bStKEyC3N5HXz3Y8H5jBY8rIYqs2WE+wIBM4s7LxqJ5pyxCmE82dJ+fUC +AwEAAQ== +-----END PUBLIC KEY----- diff --git a/tests/fixtures/keys/test-rsapss-der.key b/tests/fixtures/keys/test-rsapss-der.key Binary files differnew file mode 100644 index 0000000..4449d65 --- /dev/null +++ b/tests/fixtures/keys/test-rsapss-der.key diff --git a/tests/fixtures/keys/test-rsapss.crt b/tests/fixtures/keys/test-rsapss.crt new file mode 100644 index 0000000..4fc9b3f --- /dev/null +++ b/tests/fixtures/keys/test-rsapss.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIURizKkLO5lJkypU9NL3yhfR8mUY0wPgYJKoZIhvcNAQEK +MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC +AgDeMA0xCzAJBgNVBAMMAkNBMB4XDTE5MDkyMTEwMjcyNFoXDTI5MDkxODEwMjcy +NFowDTELMAkGA1UEAwwCQ0EwggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEA +oRUtY5O3I0OIBldvw2oXCYE9ZWab2YMxM1qm3CjNJ3o5Bc8lxfO7zOnALBZ2TdB6 +GtZxrec3Spc3oer6kRWMPr9BBEzEFDAl4d9O6HwKLifPxfDuAzFHaTfqQrTWk3/q +l1bZLhzhrVm63uD3Ntggf1RTWMcw9yo/cjrMGtblY7mfhegfkwT7GkiUwktYJ3hf +z/FJjYiFjT+yxgKc8u8yoaM6nDqfC6t08f3PBC/MTwr77w61+ZNAMFTJ/jDzrWqJ +iMIJ0GePuyMKdNYWCAqD1O2i3nE8XttK0oTILc3kdfPdjwfmMFjyshiqzZYT7AgE +zizsvGonmnLEKYTzZ0n59QIDAQABo1MwUTAdBgNVHQ4EFgQUR55Wi9L1KUAfez/M +O/5Z+sDOmn8wHwYDVR0jBBgwFoAUR55Wi9L1KUAfez/MO/5Z+sDOmn8wDwYDVR0T +AQH/BAUwAwEB/zA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBABz2Sub4E5RWr0VVSu/l1gLR +/XmT13AJDqjJ6dyfjMWV8bxVHZAXXBhJk7OMxTkEpHINbcoBEsQdtbQ2lkX7S5fI +7Oyz+Du1ux5uCVRHVjeqEjVkmxuODxPVu4y57Ix6UDL2zDoqCeQcT3V4kw3SqyJn +znv/1OaQ5+20QbHqWEQtjUYv2VyDBE3QqXylKWy1V5YxJJ8g3yBHQxN/+c7o8mti +leTw6Nw2hyunVUmIE07uUwgbwrhck5DQGWqpmsI9D2HugJH0whlCvHjpQUVPEAkL +aNYaelnJ56t6tnIXZEVrtPh7oOyEZWnnj6q3moR/annXkdox5NbQlGLRQDR3+EA= +-----END CERTIFICATE----- diff --git a/tests/fixtures/keys/test-rsapss.key b/tests/fixtures/keys/test-rsapss.key new file mode 100644 index 0000000..2ae4c5b --- /dev/null +++ b/tests/fixtures/keys/test-rsapss.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAoRUtY5O3I0OIBldv +w2oXCYE9ZWab2YMxM1qm3CjNJ3o5Bc8lxfO7zOnALBZ2TdB6GtZxrec3Spc3oer6 +kRWMPr9BBEzEFDAl4d9O6HwKLifPxfDuAzFHaTfqQrTWk3/ql1bZLhzhrVm63uD3 +Ntggf1RTWMcw9yo/cjrMGtblY7mfhegfkwT7GkiUwktYJ3hfz/FJjYiFjT+yxgKc +8u8yoaM6nDqfC6t08f3PBC/MTwr77w61+ZNAMFTJ/jDzrWqJiMIJ0GePuyMKdNYW +CAqD1O2i3nE8XttK0oTILc3kdfPdjwfmMFjyshiqzZYT7AgEzizsvGonmnLEKYTz +Z0n59QIDAQABAoIBAQCc76769u1UM/UQiJtgvbmYDwwsAJ4Sepiyub0bfbzym0d2 ++2yHwYDUkWAjE/dKtLRh9U9n6H6b81vGKtLYCzBJ6beEYu4d5RLjTtbn9gFNGoh5 +BtQ81AQI5Osc9maf6d46d+i73nOYmnVPs8nm6wYuR4+0TMzN4aFSvyofdAKk9qZP +FWY1Vexi4diiChE+HytJ1jtQZIVmTd55oK5HG7tD1seYR7J2F91+KNg3CVC1/y3/ +JhoTDtDeeWtwTnOKafdOqmI4xQu0mZgo0nt/w+PoFGo7pmUv7RWY70qHBO63txCs +c7pX+tn9PERbCcOncAg5yNdC31TKMCSZT6vKz945AoGBAM6TThUqoB5UlrgfPL+1 +6xqMomU4L5OA1M1N3PctiLfe9CmMO/8gh8j0uWsCJp9I6nlg4tIJAYyvd+sa/UzF +Vmf5cyyDEEMuxFYo7UAz7AbcCho4QxSDYvrmp3muFKYRtF/tD69TWrGfq+/QCKXX +7CUElZDjlScqREhQioFJ/Xe7AoGBAMefdL103NlF15mqGD62ZkkZkoB08TDvxPPK +/A3voqCDwpxYPSDSS7o04EphX4gCB6K90ZgHd53Ihox2osDDgcPht+xTICC4ETEL +EST7KkDIhKVpjDRr5Tej7q1wsMbklvVMkVywZ2WQrfsis/tI4b9N10fI/hdj0iTr +AvD2OYIPAoGBAKhc+pjZwuK1gpnSK8r8U/+xe3IP1wbbS5WAzoVOwU1LE6kBOKz5 +MHIiszR57kyIO0JuKq+Q04h8QrqFpsj5VTEs6CfxMkHvTeoDNUrMhqQYlstD67g+ +VV+0ue68aOvpJh/AsLXus85tGs87uLCiST7qe5Q5SIlBM6HUsu4pBcKdAoGAUP+C +ft1MP1z3foJmFAwutLqLl1PcCd9AKyvR2lXBxx+vd4DWTNsHnyaVW5jnCmjIcGBV +Czr8bilPbu80WsL5hGGyH1IbVytYzm2PJ1JCcsbqC7QoD504BLufvQBculdGaYIH ++XQagDuUXLJYFT4dW2JaV+ZWM2dtfU1ehCdkbkECgYAhcAkEP8F5W7uW9hgx/gAg +9gKA/YleJv0gwP+wxKMBkX1OlRuZViN04LcdiVh1uyqtnSa1EwNZn69OHq0bLTXa +F986zj/zUuj4yFNKxnSq3FDISglMo5Ua6HDHT57Dn5vbUnln+Tiq0En5k/8neOJT +TEIWZO5wFQeL1N0l4Nai0g== +-----END PRIVATE KEY----- diff --git a/tests/test_keys.py b/tests/test_keys.py index 2585bbf..2f2856e 100644 --- a/tests/test_keys.py +++ b/tests/test_keys.py 
@@ -299,6 +299,94 @@ class KeysTests(unittest.TestCase): key_info['attributes'].native ) + def test_parse_rsapss_private_key(self): + with open(os.path.join(fixtures_dir, 'keys/test-rsapss-der.key'), 'rb') as f: + key_info = keys.PrivateKeyInfo.load(f.read()) + + key = key_info['private_key'].parsed + + self.assertEqual( + 0, + key_info['version'].native + ) + self.assertEqual( + 'rsassa_pss', + key_info['private_key_algorithm']['algorithm'].native + ) + self.assertEqual( + None, + key_info['private_key_algorithm']['parameters'].native + ) + + self.assertEqual( + 'two-prime', + key['version'].native + ) + self.assertEqual( + 20334810015710919160110203472269180092101382951468058535601491502957196266577250503666807938732810152931665713052098820680792829137564325868564844098687045650387144565108903086036194735310494097581552241575174798917880615962200904076841064384200149608953782976948109759991080721261141139715447415148530436086884795768009560076896590825433136132086023781159444716805738553676228393667377624295683128237093827752550284339271476658714835879903906034493875531632793284572104031230158276531850092876884395075794398068537347947800593962574809516836581297669594643468201529164877789603529698620577572178907861813134904392181, # noqa + key['modulus'].native + ) + self.assertEqual( + 65537, + key['public_exponent'].native + ) + self.assertEqual( + 19811367921985171557639752989981035886303512541789150212828710994763522615025976847568941008714007785902419332260807020468874408966438534060269241736746690644631569655037665166904359886012100769497873119376457740069070560586943676477505866318738720913860857882999478282122015106772111353446622784949473859714808146533832277397219231218258638918521475883551912394494264506377559745603922894963456171825545032908365582944199734667178542763963194351614183530759037228600105514522819433425764227915014375970397879315537366008672232442295229043876987446583754589361036423305704619726617664187630589314612553217357586095673, # noqa 
+ key['private_exponent'].native + ) + self.assertEqual( + 145062186227663059634108314593892541355080853648164075820395373006330022883408993468365984286369578851636705799765757665015182142763055043654284213839887910732213256250809510746337738407165996181392718941356683486810092456676083857188565619344293262177288309348259896401807590237461717880393098789423620650939, # noqa + key['prime1'].native + ) + self.assertEqual( + 140179950023620372289001596962713930540779028054089057618536399863850868080064249195053602322991362108187576825895413419966213531630187432159266399149913629896819277637422106295703267471029328291865017941552279870382011332512626586060449095917164740367589115287472025339179557750935025294415109144213020312079, # noqa + key['prime2'].native + ) + self.assertEqual( + 118228658851708114001194157738654137417646348120344781510758784408198602961600439097293142570946864897406396441532083859790972106955549111215800799518497533665722246507785513633594518505277393228754912332478232018012333162654627815552589285314495327920681107702945726939074883271186966123919571825659906212509, # noqa + key['exponent1'].native + ) + self.assertEqual( + 56878789554421364113540907677075374840783006759759162308194149033058002105452927576710337564627405910873614034121348759689054278241450542380322750296695046251983127560528078041645807537568272852545501885984378691627606471980343411760066258123338644976958508227786686876412756148631524064712858116223089798721, # noqa + key['exponent2'].native + ) + self.assertEqual( + 23480707628058872067473220975854826046220552607063059593257976510053338333806071359463231176605785818753563067398907246278690942690250152695883594601176151883590956534074071491193074275985805378044282321604348476199853682247297755042167691612551582210509658456585074900583647465600111554502893125233815233234, # noqa + key['coefficient'].native + ) + self.assertEqual( + None, + key['other_prime_infos'].native + ) + + self.assertEqual( + None, + 
key_info['attributes'].native + ) + + def test_parse_rsapss_public_key_info(self): + with open(os.path.join(fixtures_dir, 'keys/test-public-rsapss-der.key'), 'rb') as f: + key = keys.PublicKeyInfo.load(f.read()) + + public_key = key['public_key'].parsed + + self.assertEqual( + 'rsassa_pss', + key['algorithm']['algorithm'].native + ) + self.assertEqual( + None, + key['algorithm']['parameters'].native + ) + self.assertEqual( + 20334810015710919160110203472269180092101382951468058535601491502957196266577250503666807938732810152931665713052098820680792829137564325868564844098687045650387144565108903086036194735310494097581552241575174798917880615962200904076841064384200149608953782976948109759991080721261141139715447415148530436086884795768009560076896590825433136132086023781159444716805738553676228393667377624295683128237093827752550284339271476658714835879903906034493875531632793284572104031230158276531850092876884395075794398068537347947800593962574809516836581297669594643468201529164877789603529698620577572178907861813134904392181, # noqa + public_key['modulus'].native + ) + self.assertEqual( + 65537, + public_key['public_exponent'].native + ) + @staticmethod def key_sha1_hashes(): return ( diff --git a/tests/test_x509.py b/tests/test_x509.py index 273cf12..4763ab9 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -544,6 +544,11 @@ class X509Tests(unittest.TestCase): 'ecdsa', 'sha256' ), + ( + 'keys/test-rsapss.crt', + 'rsassa_pss', + 'sha256' + ), ) @data('signature_algo_info') |
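Review bot: Both new tests in tests/test_keys.py assert that the algorithm `parameters` are `None`, so the `RSASSAPSSParams` mappings this commit adds to `PrivateKeyAlgorithm` and `PublicKeyAlgorithm` are never reached by a key that actually carries parameters. A key that restricts its hash, MGF or salt length is the case consumers most need parsed correctly, since they have to enforce that restriction at verification time. I would add a second fixture pair generated with explicit PSS parameters and assert on `key['algorithm']['parameters'].native` for the public key and `key_info['private_key_algorithm']['parameters'].native` for the private key. A short docstring on each test saying the fixture has absent parameters would also make the `None` assertions self-explanatory.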