diff options
author | Russ Housley <housley@vigilsec.com> | 2019-03-05 16:24:11 -0500 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-03-05 22:24:11 +0100 |
commit | a5ea657fd9ee3c744c163ec200c1a7f3f82b6d0c (patch) | |
tree | 2ae70785fb869610d91250241256258e7c4203dd | |
parent | dc62944265d25644f1d0171172ce99ebc74492fd (diff) | |
download | pyasn1-modules-a5ea657fd9ee3c744c163ec200c1a7f3f82b6d0c.tar.gz |
Add rfc4055 (#22)
Additional Algorithms and Identifiers for RSA Cryptography
for use in Certificates and CRLs
-rw-r--r-- | pyasn1_modules/rfc4055.py | 249 | ||||
-rw-r--r-- | tests/test_rfc4055.py | 107 |
2 files changed, 356 insertions, 0 deletions
diff --git a/pyasn1_modules/rfc4055.py b/pyasn1_modules/rfc4055.py new file mode 100644 index 0000000..02820e7 --- /dev/null +++ b/pyasn1_modules/rfc4055.py @@ -0,0 +1,249 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley with a very small amount of assistance from +# asn1ate v.0.6.0. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Additional Algorithms and Identifiers for RSA Cryptography +# for use in Certificates and CRLs +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc4055.txt +# + +from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful +from pyasn1_modules import rfc5280 + + +def _OID(*components): + output = [] + for x in tuple(components): + if isinstance(x, univ.ObjectIdentifier): + output.extend(list(x)) + else: + output.append(int(x)) + return univ.ObjectIdentifier(output) + + +id_sha1 = _OID(1, 3, 14, 3, 2, 26) + + +id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1) + + +id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2) + + +id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3) + + +id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4) + + +rsaEncryption = _OID(1, 2, 840, 113549, 1, 1, 1) + + +id_mgf1 = _OID(1, 2, 840, 113549, 1, 1, 8) + + +id_RSAES_OAEP = _OID(1, 2, 840, 113549, 1, 1, 7) + + +id_pSpecified = _OID(1, 2, 840, 113549, 1, 1, 9) + + +id_RSASSA_PSS = _OID(1, 2, 840, 113549, 1, 1, 10) + + +sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11) + + +sha384WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 12) + + +sha512WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 13) + + +sha224WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 14) + + +sha1Identifier = rfc5280.AlgorithmIdentifier() +sha1Identifier['algorithm'] = id_sha1 +sha1Identifier['parameters'] = univ.Null("") + + +sha224Identifier = rfc5280.AlgorithmIdentifier() +sha224Identifier['algorithm'] = id_sha224 +sha224Identifier['parameters'] = univ.Null("") + + +sha256Identifier = rfc5280.AlgorithmIdentifier() +sha256Identifier['algorithm'] = id_sha256 +sha256Identifier['parameters'] = univ.Null("") + + +sha384Identifier = rfc5280.AlgorithmIdentifier() +sha384Identifier['algorithm'] = id_sha384 +sha384Identifier['parameters'] = univ.Null("") + + +sha512Identifier = rfc5280.AlgorithmIdentifier() +sha512Identifier['algorithm'] = id_sha512 +sha512Identifier['parameters'] = univ.Null("") + + +mgf1SHA1Identifier = rfc5280.AlgorithmIdentifier() +mgf1SHA1Identifier['algorithm'] = id_mgf1 +mgf1SHA1Identifier['parameters'] = sha1Identifier + + +mgf1SHA224Identifier = rfc5280.AlgorithmIdentifier() +mgf1SHA224Identifier['algorithm'] = id_mgf1 +mgf1SHA224Identifier['parameters'] = sha224Identifier + + +mgf1SHA256Identifier = rfc5280.AlgorithmIdentifier() +mgf1SHA256Identifier['algorithm'] = id_mgf1 +mgf1SHA256Identifier['parameters'] = sha256Identifier + + +mgf1SHA384Identifier = rfc5280.AlgorithmIdentifier() +mgf1SHA384Identifier['algorithm'] = id_mgf1 +mgf1SHA384Identifier['parameters'] = sha384Identifier + + +mgf1SHA512Identifier = rfc5280.AlgorithmIdentifier() +mgf1SHA512Identifier['algorithm'] = id_mgf1 +mgf1SHA512Identifier['parameters'] = sha512Identifier + + +pSpecifiedEmptyIdentifier = rfc5280.AlgorithmIdentifier() +pSpecifiedEmptyIdentifier['algorithm'] = id_pSpecified +pSpecifiedEmptyIdentifier['parameters'] = univ.OctetString(value='') + + +class RSAPublicKey(univ.Sequence): + pass + +RSAPublicKey.componentType = namedtype.NamedTypes( + namedtype.NamedType('modulus', univ.Integer()), + namedtype.NamedType('publicExponent', univ.Integer()) +) + + +class HashAlgorithm(rfc5280.AlgorithmIdentifier): + pass + + +class MaskGenAlgorithm(rfc5280.AlgorithmIdentifier): + pass + + +class RSAES_OAEP_params(univ.Sequence): + pass + +RSAES_OAEP_params.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('hashFunc', rfc5280.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('maskGenFunc', rfc5280.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('pSourceFunc', rfc5280.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) +) + + +rSAES_OAEP_Default_Params = RSAES_OAEP_params() + +rSAES_OAEP_Default_Identifier = rfc5280.AlgorithmIdentifier() +rSAES_OAEP_Default_Identifier['algorithm'] = id_RSAES_OAEP +rSAES_OAEP_Default_Identifier['parameters'] = rSAES_OAEP_Default_Params + + +rSAES_OAEP_SHA224_Params = RSAES_OAEP_params() +rSAES_OAEP_SHA224_Params['hashFunc'] = sha224Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSAES_OAEP_SHA224_Params['maskGenFunc'] = mgf1SHA224Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSAES_OAEP_SHA224_Identifier = rfc5280.AlgorithmIdentifier() +rSAES_OAEP_SHA224_Identifier['algorithm'] = id_RSAES_OAEP +rSAES_OAEP_SHA224_Identifier['parameters'] = rSAES_OAEP_SHA224_Params + + +rSAES_OAEP_SHA256_Params = RSAES_OAEP_params() +rSAES_OAEP_SHA256_Params['hashFunc'] = sha256Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSAES_OAEP_SHA256_Params['maskGenFunc'] = mgf1SHA256Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSAES_OAEP_SHA256_Identifier = rfc5280.AlgorithmIdentifier() +rSAES_OAEP_SHA256_Identifier['algorithm'] = id_RSAES_OAEP +rSAES_OAEP_SHA256_Identifier['parameters'] = rSAES_OAEP_SHA256_Params + + +rSAES_OAEP_SHA384_Params = RSAES_OAEP_params() +rSAES_OAEP_SHA384_Params['hashFunc'] = sha384Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSAES_OAEP_SHA384_Params['maskGenFunc'] = mgf1SHA384Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSAES_OAEP_SHA384_Identifier = rfc5280.AlgorithmIdentifier() +rSAES_OAEP_SHA384_Identifier['algorithm'] = id_RSAES_OAEP +rSAES_OAEP_SHA384_Identifier['parameters'] = rSAES_OAEP_SHA384_Params + + +rSAES_OAEP_SHA512_Params = RSAES_OAEP_params() +rSAES_OAEP_SHA512_Params['hashFunc'] = sha512Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSAES_OAEP_SHA512_Params['maskGenFunc'] = mgf1SHA512Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSAES_OAEP_SHA512_Identifier = rfc5280.AlgorithmIdentifier() +rSAES_OAEP_SHA512_Identifier['algorithm'] = id_RSAES_OAEP +rSAES_OAEP_SHA512_Identifier['parameters'] = rSAES_OAEP_SHA512_Params + + +class RSASSA_PSS_params(univ.Sequence): + pass + +RSASSA_PSS_params.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('maskGenAlgorithm', rfc5280.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.DefaultedNamedType('saltLength', univ.Integer(value=20).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.DefaultedNamedType('trailerField', univ.Integer(value=1).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) +) + + +rSASSA_PSS_Default_Params = RSASSA_PSS_params() + +rSASSA_PSS_Default_Identifier = rfc5280.AlgorithmIdentifier() +rSASSA_PSS_Default_Identifier['algorithm'] = id_RSASSA_PSS +rSASSA_PSS_Default_Identifier['parameters'] = rSASSA_PSS_Default_Params + + +rSASSA_PSS_SHA224_Params = RSASSA_PSS_params() +rSASSA_PSS_SHA224_Params['hashAlgorithm'] = sha224Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSASSA_PSS_SHA224_Params['maskGenAlgorithm'] = mgf1SHA224Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSASSA_PSS_SHA224_Identifier = rfc5280.AlgorithmIdentifier() +rSASSA_PSS_SHA224_Identifier['algorithm'] = id_RSASSA_PSS +rSASSA_PSS_SHA224_Identifier['parameters'] = rSASSA_PSS_SHA224_Params + + +rSASSA_PSS_SHA256_Params = RSASSA_PSS_params() +rSASSA_PSS_SHA256_Params['hashAlgorithm'] = sha256Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSASSA_PSS_SHA256_Params['maskGenAlgorithm'] = mgf1SHA256Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSASSA_PSS_SHA256_Identifier = rfc5280.AlgorithmIdentifier() +rSASSA_PSS_SHA256_Identifier['algorithm'] = id_RSASSA_PSS +rSASSA_PSS_SHA256_Identifier['parameters'] = rSASSA_PSS_SHA256_Params + + +rSASSA_PSS_SHA384_Params = RSASSA_PSS_params() +rSASSA_PSS_SHA384_Params['hashAlgorithm'] = sha384Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSASSA_PSS_SHA384_Params['maskGenAlgorithm'] = mgf1SHA384Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSASSA_PSS_SHA384_Identifier = rfc5280.AlgorithmIdentifier() +rSASSA_PSS_SHA384_Identifier['algorithm'] = id_RSASSA_PSS +rSASSA_PSS_SHA384_Identifier['parameters'] = rSASSA_PSS_SHA384_Params + + +rSASSA_PSS_SHA512_Params = RSASSA_PSS_params() +rSASSA_PSS_SHA512_Params['hashAlgorithm'] = sha512Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) +rSASSA_PSS_SHA512_Params['maskGenAlgorithm'] = mgf1SHA512Identifier.subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) + +rSASSA_PSS_SHA512_Identifier = rfc5280.AlgorithmIdentifier() +rSASSA_PSS_SHA512_Identifier['algorithm'] = id_RSASSA_PSS +rSASSA_PSS_SHA512_Identifier['parameters'] = rSASSA_PSS_SHA512_Params diff --git a/tests/test_rfc4055.py b/tests/test_rfc4055.py new file mode 100644 index 0000000..c5609c9 --- /dev/null +++ b/tests/test_rfc4055.py @@ -0,0 +1,107 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# + +import sys + +from pyasn1.codec.der import decoder as der_decoder +from pyasn1.codec.der import encoder as der_encoder + +from pyasn1_modules import pem +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc4055 + +try: + import unittest2 as unittest +except ImportError: + import unittest + + +class PSSDefautTestCase(unittest.TestCase): + pss_default_pem_text = "MAsGCSqGSIb3DQEBCg==" + + def setUp(self): + self.asn1Spec = rfc5280.AlgorithmIdentifier() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.pss_default_pem_text) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert asn1Object[0] == rfc4055.id_RSASSA_PSS + assert der_encoder.encode(asn1Object) == substrate + assert substrate == der_encoder.encode(asn1Object) + + +class PSSSHA512TestCase(unittest.TestCase): + pss_sha512_pem_text = "MDwGCSqGSIb3DQEBCjAvoA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQA=" + + def setUp(self): + self.asn1Spec = rfc5280.AlgorithmIdentifier() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.pss_sha512_pem_text) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert asn1Object[0] == rfc4055.id_RSASSA_PSS + assert der_encoder.encode(asn1Object) == substrate + assert substrate == der_encoder.encode(asn1Object) + + +class OAEPDefautTestCase(unittest.TestCase): + oaep_default_pem_text = "MAsGCSqGSIb3DQEBBw==" + + def setUp(self): + self.asn1Spec = rfc5280.AlgorithmIdentifier() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.oaep_default_pem_text) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert asn1Object[0] == rfc4055.id_RSAES_OAEP + assert der_encoder.encode(asn1Object) == substrate + assert substrate == der_encoder.encode(asn1Object) + + +class OAEPSHA256TestCase(unittest.TestCase): + oaep_sha256_pem_text = "MDwGCSqGSIb3DQEBBzAvoA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQA=" + + def setUp(self): + self.asn1Spec = rfc5280.AlgorithmIdentifier() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.oaep_sha256_pem_text) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert asn1Object[0] == rfc4055.id_RSAES_OAEP + assert der_encoder.encode(asn1Object) == substrate + assert substrate == der_encoder.encode(asn1Object) + + +class OAEPFullTestCase(unittest.TestCase): + oaep_full_pem_text = "MFMGCSqGSIb3DQEBBzBGoA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiFTATBgkqhkiG9w0BAQkEBmZvb2Jhcg==" + + def setUp(self): + self.asn1Spec = rfc5280.AlgorithmIdentifier() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.oaep_full_pem_text) + asn1Object, rest = der_decoder.decode(substrate, asn1Spec=self.asn1Spec) + assert not rest + assert asn1Object.prettyPrint() + assert asn1Object[0] == rfc4055.id_RSAES_OAEP + assert der_encoder.encode(asn1Object) == substrate + assert substrate == der_encoder.encode(asn1Object) + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + unittest.TextTestRunner(verbosity=2).run(suite) |