diff options
author | Russ Housley <housley@vigilsec.com> | 2019-12-09 16:21:35 -0500 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-12-09 22:21:35 +0100 |
commit | 82639c183bb56d6acb2390a54b60c0a94ce92a2c (patch) | |
tree | ee504e95b1d60b05691a4c32fe3c4746e5d09ace | |
parent | 85e354140c6ffa5892f38eec34918fdcc4b4c977 (diff) | |
download | pyasn1-modules-82639c183bb56d6acb2390a54b60c0a94ce92a2c.tar.gz |
Add support for RFC 4357, RFC 4490, and RFC 4491 (#122)
-rw-r--r-- | CHANGES.txt | 6 | ||||
-rw-r--r-- | pyasn1_modules/rfc4357.py | 477 | ||||
-rw-r--r-- | pyasn1_modules/rfc4490.py | 113 | ||||
-rw-r--r-- | pyasn1_modules/rfc4491.py | 44 | ||||
-rw-r--r-- | tests/__main__.py | 3 | ||||
-rw-r--r-- | tests/test_rfc4357.py | 248 | ||||
-rw-r--r-- | tests/test_rfc4490.py | 274 | ||||
-rw-r--r-- | tests/test_rfc4491.py | 156 |
8 files changed, 1321 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 49f3ade..718dac4 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -21,6 +21,12 @@ Revision 0.3.0, released XX-11-2019 - Add RFC3058 providing IDEA Encryption Algorithm for CMS - Add RFC3657 providing Camellia Encryption Algorithm for CMS - Add RFC4010 providing SEED Encryption Algorithm for CMS +- Add RFC4357 providing Additional Cryptographic Algorithms for Use with + GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 +- Add RFC4490 providing GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, + and GOST R 34.10-2001 Algorithms for CMS +- Add RFC4491 providing GOST R 34.10-94, GOST R 34.10-2001, and + GOST R 34.11-94 Algorithms for certificates and CRLs Revision 0.2.8, released 16-11-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc4357.py b/pyasn1_modules/rfc4357.py new file mode 100644 index 0000000..42b9e3e --- /dev/null +++ b/pyasn1_modules/rfc4357.py @@ -0,0 +1,477 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley with assistance from asn1ate v.0.6.0. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Additional Cryptographic Algorithms for Use with GOST 28147-89, +# GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc4357.txt +# https://www.rfc-editor.org/errata/eid5927 +# https://www.rfc-editor.org/errata/eid5928 +# + +from pyasn1.type import constraint +from pyasn1.type import namedtype +from pyasn1.type import namedval +from pyasn1.type import tag +from pyasn1.type import univ + +from pyasn1_modules import rfc5280 + + +# Import from RFC 5280 + +AlgorithmIdentifier = rfc5280.AlgorithmIdentifier + + +# Object Identifiers + +id_CryptoPro = univ.ObjectIdentifier((1, 2, 643, 2, 2,)) + + +id_CryptoPro_modules = id_CryptoPro + (1, 1,) + +id_CryptoPro_extensions = id_CryptoPro + (34,) + +id_CryptoPro_policyIds = id_CryptoPro + (38,) + +id_CryptoPro_policyQt = id_CryptoPro + (39,) + + +cryptographic_Gost_Useful_Definitions = id_CryptoPro_modules + (0, 1,) + +gostR3411_94_DigestSyntax = id_CryptoPro_modules + (1, 1,) + +gostR3410_94_PKISyntax = id_CryptoPro_modules + (2, 1,) + +gostR3410_94_SignatureSyntax = id_CryptoPro_modules + (3, 1,) + +gost28147_89_EncryptionSyntax = id_CryptoPro_modules + (4, 1,) + +gostR3410_EncryptionSyntax = id_CryptoPro_modules + (5, 2,) + +gost28147_89_ParamSetSyntax = id_CryptoPro_modules + (6, 1,) + +gostR3411_94_ParamSetSyntax = id_CryptoPro_modules + (7, 1,) + +gostR3410_94_ParamSetSyntax = id_CryptoPro_modules + (8, 1, 1) + +gostR3410_2001_PKISyntax = id_CryptoPro_modules + (9, 1,) + +gostR3410_2001_SignatureSyntax = id_CryptoPro_modules + (10, 1,) + +gostR3410_2001_ParamSetSyntax = id_CryptoPro_modules + (12, 1,) + +gost_CryptoPro_ExtendedKeyUsage = id_CryptoPro_modules + (13, 1,) + +gost_CryptoPro_PrivateKey = id_CryptoPro_modules + (14, 1,) + +gost_CryptoPro_PKIXCMP = id_CryptoPro_modules + (15, 1,) + +gost_CryptoPro_TLS = id_CryptoPro_modules + (16, 1,) + +gost_CryptoPro_Policy = id_CryptoPro_modules + (17, 1,) + +gost_CryptoPro_Constants = id_CryptoPro_modules + (18, 1,) + + +id_CryptoPro_algorithms = id_CryptoPro + +id_GostR3411_94_with_GostR3410_2001 = id_CryptoPro_algorithms + (3,) + +id_GostR3411_94_with_GostR3410_94 = id_CryptoPro_algorithms + (4,) + +id_GostR3411_94 = id_CryptoPro_algorithms + (9,) + +id_Gost28147_89_None_KeyMeshing = id_CryptoPro_algorithms + (14, 0,) + +id_Gost28147_89_CryptoPro_KeyMeshing = id_CryptoPro_algorithms + (14, 1,) + +id_GostR3410_2001 = id_CryptoPro_algorithms + (19,) + +id_GostR3410_94 = id_CryptoPro_algorithms + (20,) + +id_Gost28147_89 = id_CryptoPro_algorithms + (21,) + +id_Gost28147_89_MAC = id_CryptoPro_algorithms + (22,) + +id_CryptoPro_hashes = id_CryptoPro_algorithms + (30,) + +id_CryptoPro_encrypts = id_CryptoPro_algorithms + (31,) + +id_CryptoPro_signs = id_CryptoPro_algorithms + (32,) + +id_CryptoPro_exchanges = id_CryptoPro_algorithms + (33,) + +id_CryptoPro_ecc_signs = id_CryptoPro_algorithms + (35,) + +id_CryptoPro_ecc_exchanges = id_CryptoPro_algorithms + (36,) + +id_CryptoPro_private_keys = id_CryptoPro_algorithms + (37,) + +id_CryptoPro_pkixcmp_infos = id_CryptoPro_algorithms + (41,) + +id_CryptoPro_audit_service_types = id_CryptoPro_algorithms + (42,) + +id_CryptoPro_audit_record_types = id_CryptoPro_algorithms + (43,) + +id_CryptoPro_attributes = id_CryptoPro_algorithms + (44,) + +id_CryptoPro_name_service_types = id_CryptoPro_algorithms + (45,) + +id_GostR3410_2001DH = id_CryptoPro_algorithms + (98,) + +id_GostR3410_94DH = id_CryptoPro_algorithms + (99,) + + +id_Gost28147_89_TestParamSet = id_CryptoPro_encrypts + (0,) + +id_Gost28147_89_CryptoPro_A_ParamSet = id_CryptoPro_encrypts + (1,) + +id_Gost28147_89_CryptoPro_B_ParamSet = id_CryptoPro_encrypts + (2,) + +id_Gost28147_89_CryptoPro_C_ParamSet = id_CryptoPro_encrypts + (3,) + +id_Gost28147_89_CryptoPro_D_ParamSet = id_CryptoPro_encrypts + (4,) + +id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet = id_CryptoPro_encrypts + (5,) + +id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet = id_CryptoPro_encrypts + (6,) + +id_Gost28147_89_CryptoPro_RIC_1_ParamSet = id_CryptoPro_encrypts + (7,) + + +id_GostR3410_2001_TestParamSet = id_CryptoPro_ecc_signs + (0,) + +id_GostR3410_2001_CryptoPro_A_ParamSet = id_CryptoPro_ecc_signs + (1,) + +id_GostR3410_2001_CryptoPro_B_ParamSet = id_CryptoPro_ecc_signs + (2,) + +id_GostR3410_2001_CryptoPro_C_ParamSet = id_CryptoPro_ecc_signs + (3,) + + +id_GostR3410_2001_CryptoPro_XchA_ParamSet = id_CryptoPro_ecc_exchanges + (0,) + +id_GostR3410_2001_CryptoPro_XchB_ParamSet = id_CryptoPro_ecc_exchanges + (1,) + + +id_GostR3410_94_TestParamSet = id_CryptoPro_signs + (0,) + +id_GostR3410_94_CryptoPro_A_ParamSet = id_CryptoPro_signs + (2,) + +id_GostR3410_94_CryptoPro_B_ParamSet = id_CryptoPro_signs + (3,) + +id_GostR3410_94_CryptoPro_C_ParamSet = id_CryptoPro_signs + (4,) + +id_GostR3410_94_CryptoPro_D_ParamSet = id_CryptoPro_signs + (5,) + + +id_GostR3410_94_CryptoPro_XchA_ParamSet = id_CryptoPro_exchanges + (1,) + +id_GostR3410_94_CryptoPro_XchB_ParamSet = id_CryptoPro_exchanges + (2,) + +id_GostR3410_94_CryptoPro_XchC_ParamSet = id_CryptoPro_exchanges + (3,) + + +id_GostR3410_94_a = id_GostR3410_94 + (1,) + +id_GostR3410_94_aBis = id_GostR3410_94 + (2,) + +id_GostR3410_94_b = id_GostR3410_94 + (3,) + +id_GostR3410_94_bBis = id_GostR3410_94 + (4,) + + +id_GostR3411_94_TestParamSet = id_CryptoPro_hashes + (0,) + +id_GostR3411_94_CryptoProParamSet = id_CryptoPro_hashes + (1,) + + + + +class Gost28147_89_ParamSet(univ.ObjectIdentifier): + pass + +Gost28147_89_ParamSet.subtypeSpec = constraint.SingleValueConstraint( + id_Gost28147_89_TestParamSet, + id_Gost28147_89_CryptoPro_A_ParamSet, + id_Gost28147_89_CryptoPro_B_ParamSet, + id_Gost28147_89_CryptoPro_C_ParamSet, + id_Gost28147_89_CryptoPro_D_ParamSet, + id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, + id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, + id_Gost28147_89_CryptoPro_RIC_1_ParamSet +) + + +class Gost28147_89_BlobParameters(univ.Sequence): + pass + +Gost28147_89_BlobParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()) +) + + +class Gost28147_89_MAC(univ.OctetString): + pass + +Gost28147_89_MAC.subtypeSpec = constraint.ValueSizeConstraint(1, 4) + + +class Gost28147_89_Key(univ.OctetString): + pass + +Gost28147_89_Key.subtypeSpec = constraint.ValueSizeConstraint(32, 32) + + +class Gost28147_89_EncryptedKey(univ.Sequence): + pass + +Gost28147_89_EncryptedKey.componentType = namedtype.NamedTypes( + namedtype.NamedType('encryptedKey', Gost28147_89_Key()), + namedtype.OptionalNamedType('maskKey', Gost28147_89_Key().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('macKey', Gost28147_89_MAC()) +) + + +class Gost28147_89_IV(univ.OctetString): + pass + +Gost28147_89_IV.subtypeSpec = constraint.ValueSizeConstraint(8, 8) + + +class Gost28147_89_UZ(univ.OctetString): + pass + +Gost28147_89_UZ.subtypeSpec = constraint.ValueSizeConstraint(64, 64) + + +class Gost28147_89_ParamSetParameters(univ.Sequence): + pass + +Gost28147_89_ParamSetParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('eUZ', Gost28147_89_UZ()), + namedtype.NamedType('mode', + univ.Integer(namedValues=namedval.NamedValues( + ('gost28147-89-CNT', 0), + ('gost28147-89-CFB', 1), + ('cryptoPro-CBC', 2) + ))), + namedtype.NamedType('shiftBits', + univ.Integer(namedValues=namedval.NamedValues( + ('gost28147-89-block', 64) + ))), + namedtype.NamedType('keyMeshing', AlgorithmIdentifier()) +) + + +class Gost28147_89_Parameters(univ.Sequence): + pass + +Gost28147_89_Parameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('iv', Gost28147_89_IV()), + namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()) +) + + +class GostR3410_2001_CertificateSignature(univ.BitString): + pass + +GostR3410_2001_CertificateSignature.subtypeSpec=constraint.ValueSizeConstraint(256, 512) + + +class GostR3410_2001_ParamSetParameters(univ.Sequence): + pass + +GostR3410_2001_ParamSetParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('a', univ.Integer()), + namedtype.NamedType('b', univ.Integer()), + namedtype.NamedType('p', univ.Integer()), + namedtype.NamedType('q', univ.Integer()), + namedtype.NamedType('x', univ.Integer()), + namedtype.NamedType('y', univ.Integer()) +) + + +class GostR3410_2001_PublicKey(univ.OctetString): + pass + +GostR3410_2001_PublicKey.subtypeSpec = constraint.ValueSizeConstraint(64, 64) + + +class GostR3410_2001_PublicKeyParameters(univ.Sequence): + pass + +GostR3410_2001_PublicKeyParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier().subtype( + subtypeSpec=constraint.SingleValueConstraint( + id_GostR3410_2001_TestParamSet, + id_GostR3410_2001_CryptoPro_A_ParamSet, + id_GostR3410_2001_CryptoPro_B_ParamSet, + id_GostR3410_2001_CryptoPro_C_ParamSet, + id_GostR3410_2001_CryptoPro_XchA_ParamSet, + id_GostR3410_2001_CryptoPro_XchB_ParamSet + ))), + namedtype.NamedType('digestParamSet', univ.ObjectIdentifier().subtype( + subtypeSpec=constraint.SingleValueConstraint( + id_GostR3411_94_TestParamSet, + id_GostR3411_94_CryptoProParamSet + ))), + namedtype.DefaultedNamedType('encryptionParamSet', + Gost28147_89_ParamSet().subtype(value=id_Gost28147_89_CryptoPro_A_ParamSet + )) +) + + +class GostR3410_94_CertificateSignature(univ.BitString): + pass + +GostR3410_94_CertificateSignature.subtypeSpec = constraint.ValueSizeConstraint(256, 512) + + +class GostR3410_94_ParamSetParameters_t(univ.Integer): + pass + +GostR3410_94_ParamSetParameters_t.subtypeSpec = constraint.SingleValueConstraint(512, 1024) + + +class GostR3410_94_ParamSetParameters(univ.Sequence): + pass + +GostR3410_94_ParamSetParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('t', GostR3410_94_ParamSetParameters_t()), + namedtype.NamedType('p', univ.Integer()), + namedtype.NamedType('q', univ.Integer()), + namedtype.NamedType('a', univ.Integer()), + namedtype.OptionalNamedType('validationAlgorithm', AlgorithmIdentifier()) +) + + +class GostR3410_94_PublicKey(univ.OctetString): + pass + +GostR3410_94_PublicKey.subtypeSpec = constraint.ConstraintsUnion( + constraint.ValueSizeConstraint(64, 64), + constraint.ValueSizeConstraint(128, 128) +) + + +class GostR3410_94_PublicKeyParameters(univ.Sequence): + pass + +GostR3410_94_PublicKeyParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier().subtype( + subtypeSpec=constraint.SingleValueConstraint( + id_GostR3410_94_TestParamSet, + id_GostR3410_94_CryptoPro_A_ParamSet, + id_GostR3410_94_CryptoPro_B_ParamSet, + id_GostR3410_94_CryptoPro_C_ParamSet, + id_GostR3410_94_CryptoPro_D_ParamSet, + id_GostR3410_94_CryptoPro_XchA_ParamSet, + id_GostR3410_94_CryptoPro_XchB_ParamSet, + id_GostR3410_94_CryptoPro_XchC_ParamSet + ))), + namedtype.NamedType('digestParamSet', univ.ObjectIdentifier().subtype( + subtypeSpec=constraint.SingleValueConstraint( + id_GostR3411_94_TestParamSet, + id_GostR3411_94_CryptoProParamSet + ))), + namedtype.DefaultedNamedType('encryptionParamSet', + Gost28147_89_ParamSet().subtype(value=id_Gost28147_89_CryptoPro_A_ParamSet + )) +) + + +class GostR3410_94_ValidationBisParameters_c(univ.Integer): + pass + +GostR3410_94_ValidationBisParameters_c.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295) + + +class GostR3410_94_ValidationBisParameters(univ.Sequence): + pass + +GostR3410_94_ValidationBisParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('x0', GostR3410_94_ValidationBisParameters_c()), + namedtype.NamedType('c', GostR3410_94_ValidationBisParameters_c()), + namedtype.OptionalNamedType('d', univ.Integer()) +) + + +class GostR3410_94_ValidationParameters_c(univ.Integer): + pass + +GostR3410_94_ValidationParameters_c.subtypeSpec = constraint.ValueRangeConstraint(0, 65535) + + +class GostR3410_94_ValidationParameters(univ.Sequence): + pass + +GostR3410_94_ValidationParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('x0', GostR3410_94_ValidationParameters_c()), + namedtype.NamedType('c', GostR3410_94_ValidationParameters_c()), + namedtype.OptionalNamedType('d', univ.Integer()) +) + + +class GostR3411_94_Digest(univ.OctetString): + pass + +GostR3411_94_Digest.subtypeSpec = constraint.ValueSizeConstraint(32, 32) + + +class GostR3411_94_DigestParameters(univ.ObjectIdentifier): + pass + +GostR3411_94_DigestParameters.subtypeSpec = constraint.ConstraintsUnion( + constraint.SingleValueConstraint(id_GostR3411_94_TestParamSet), + constraint.SingleValueConstraint(id_GostR3411_94_CryptoProParamSet), +) + + +class GostR3411_94_ParamSetParameters(univ.Sequence): + pass + +GostR3411_94_ParamSetParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('hUZ', Gost28147_89_UZ()), + namedtype.NamedType('h0', GostR3411_94_Digest()) +) + + +# Update the Algorithm Identifier map in rfc5280.py + +_algorithmIdentifierMapUpdate = { + id_Gost28147_89: Gost28147_89_Parameters(), + id_Gost28147_89_TestParamSet: Gost28147_89_ParamSetParameters(), + id_Gost28147_89_CryptoPro_A_ParamSet: Gost28147_89_ParamSetParameters(), + id_Gost28147_89_CryptoPro_B_ParamSet: Gost28147_89_ParamSetParameters(), + id_Gost28147_89_CryptoPro_C_ParamSet: Gost28147_89_ParamSetParameters(), + id_Gost28147_89_CryptoPro_D_ParamSet: Gost28147_89_ParamSetParameters(), + id_Gost28147_89_CryptoPro_KeyMeshing: univ.Null(""), + id_Gost28147_89_None_KeyMeshing: univ.Null(""), + id_GostR3410_94: GostR3410_94_PublicKeyParameters(), + id_GostR3410_94_TestParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_A_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_B_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_C_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_D_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_XchA_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_XchB_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_CryptoPro_XchC_ParamSet: GostR3410_94_ParamSetParameters(), + id_GostR3410_94_a: GostR3410_94_ValidationParameters(), + id_GostR3410_94_aBis: GostR3410_94_ValidationBisParameters(), + id_GostR3410_94_b: GostR3410_94_ValidationParameters(), + id_GostR3410_94_bBis: GostR3410_94_ValidationBisParameters(), + id_GostR3410_2001: univ.Null(""), + id_GostR3411_94: univ.Null(""), + id_GostR3411_94_TestParamSet: GostR3411_94_ParamSetParameters(), + id_GostR3411_94_CryptoProParamSet: GostR3411_94_ParamSetParameters(), +} + +rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate) diff --git a/pyasn1_modules/rfc4490.py b/pyasn1_modules/rfc4490.py new file mode 100644 index 0000000..b8fe321 --- /dev/null +++ b/pyasn1_modules/rfc4490.py @@ -0,0 +1,113 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley with assistance from asn1ate v.0.6.0. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and +# GOST R 34.10-2001 Algorithms with the CMS +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc4490.txt +# + + +from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful + +from pyasn1_modules import rfc4357 +from pyasn1_modules import rfc5280 + + +# Imports from RFC 4357 + +id_CryptoPro_algorithms = rfc4357.id_CryptoPro_algorithms + +id_GostR3410_94 = rfc4357.id_GostR3410_94 + +id_GostR3410_2001 = rfc4357.id_GostR3410_2001 + +Gost28147_89_ParamSet = rfc4357.Gost28147_89_ParamSet + +Gost28147_89_EncryptedKey = rfc4357.Gost28147_89_EncryptedKey + +GostR3410_94_PublicKeyParameters = rfc4357.GostR3410_94_PublicKeyParameters + +GostR3410_2001_PublicKeyParameters = rfc4357.GostR3410_2001_PublicKeyParameters + + +# Imports from RFC 5280 + +SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo + + +# CMS/PKCS#7 key agreement algorithms & parameters + +class Gost28147_89_KeyWrapParameters(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()), + namedtype.OptionalNamedType('ukm', univ.OctetString().subtype( + subtypeSpec=constraint.ValueSizeConstraint(8, 8))) + ) + + +id_Gost28147_89_CryptoPro_KeyWrap = id_CryptoPro_algorithms + (13, 1, ) + + +id_Gost28147_89_None_KeyWrap = id_CryptoPro_algorithms + (13, 0, ) + + +id_GostR3410_2001_CryptoPro_ESDH = id_CryptoPro_algorithms + (96, ) + + +id_GostR3410_94_CryptoPro_ESDH = id_CryptoPro_algorithms + (97, ) + + +# CMS/PKCS#7 key transport algorithms & parameters + +id_GostR3410_2001_KeyTransportSMIMECapability = id_GostR3410_2001 + + +id_GostR3410_94_KeyTransportSMIMECapability = id_GostR3410_94 + + +class GostR3410_TransportParameters(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()), + namedtype.OptionalNamedType('ephemeralPublicKey', + SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('ukm', univ.OctetString().subtype( + subtypeSpec=constraint.ValueSizeConstraint(8, 8))) + ) + +class GostR3410_KeyTransport(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('sessionEncryptedKey', Gost28147_89_EncryptedKey()), + namedtype.OptionalNamedType('transportParameters', + GostR3410_TransportParameters().subtype(implicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatConstructed, 0))) + ) + + +# GOST R 34.10-94 signature algorithm & parameters + +class GostR3410_94_Signature(univ.OctetString): + subtypeSpec = constraint.ValueSizeConstraint(64, 64) + + +# GOST R 34.10-2001 signature algorithms and parameters + +class GostR3410_2001_Signature(univ.OctetString): + subtypeSpec = constraint.ValueSizeConstraint(64, 64) + + +# Update the Algorithm Identifier map in rfc5280.py + +_algorithmIdentifierMapUpdate = { + id_Gost28147_89_CryptoPro_KeyWrap: Gost28147_89_KeyWrapParameters(), + id_Gost28147_89_None_KeyWrap: Gost28147_89_KeyWrapParameters(), +} + +rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate) diff --git a/pyasn1_modules/rfc4491.py b/pyasn1_modules/rfc4491.py new file mode 100644 index 0000000..60b5560 --- /dev/null +++ b/pyasn1_modules/rfc4491.py @@ -0,0 +1,44 @@ +# +# This file is part of pyasn1-modules software. +# +# Created by Russ Housley. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 +# Algorithms with Certificates and CRLs +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc4491.txt +# + +from pyasn1_modules import rfc4357 + + +# Signature Algorithm GOST R 34.10-94 + +id_GostR3411_94_with_GostR3410_94 = rfc4357.id_GostR3411_94_with_GostR3410_94 + + +# Signature Algorithm GOST R 34.10-2001 + +id_GostR3411_94_with_GostR3410_2001 = rfc4357.id_GostR3411_94_with_GostR3410_2001 + + +# GOST R 34.10-94 Keys + +id_GostR3410_94 = rfc4357.id_GostR3410_94 + +GostR3410_2001_PublicKey = rfc4357.GostR3410_2001_PublicKey + +GostR3410_2001_PublicKeyParameters = rfc4357.GostR3410_2001_PublicKeyParameters + + +# GOST R 34.10-2001 Keys + +id_GostR3410_2001 = rfc4357.id_GostR3410_2001 + +GostR3410_94_PublicKey = rfc4357.GostR3410_94_PublicKey + +GostR3410_94_PublicKeyParameters = rfc4357.GostR3410_94_PublicKeyParameters diff --git a/tests/__main__.py b/tests/__main__.py index ff12d97..1188a57 100644 --- a/tests/__main__.py +++ b/tests/__main__.py @@ -47,7 +47,10 @@ suite = unittest.TestLoader().loadTestsFromNames( 'tests.test_rfc4210.suite', 'tests.test_rfc4211.suite', 'tests.test_rfc4334.suite', + 'tests.test_rfc4357.suite', 'tests.test_rfc4387.suite', + 'tests.test_rfc4490.suite', + 'tests.test_rfc4491.suite', 'tests.test_rfc4985.suite', 'tests.test_rfc5035.suite', 'tests.test_rfc5083.suite', diff --git a/tests/test_rfc4357.py b/tests/test_rfc4357.py new file mode 100644 index 0000000..cf10d59 --- /dev/null +++ b/tests/test_rfc4357.py @@ -0,0 +1,248 @@ +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +import sys +import unittest + +from pyasn1.type import univ + +from pyasn1.codec.der.decoder import decode as der_decoder +from pyasn1.codec.der.encoder import encode as der_encoder + +from pyasn1_modules import pem +from pyasn1_modules import rfc5652 +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc4357 + + +class SignedTestCase(unittest.TestCase): + signed_pem_text = """\ +MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG +9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv +c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE +BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t +AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ +P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl +xlHbjbL0jHF+7XKp +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.signed_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) + + sd, rest = der_decoder( + asn1Object['content'], asn1Spec=rfc5652.SignedData()) + self.assertFalse(rest) + self.assertTrue(sd.prettyPrint()) + self.assertEqual(asn1Object['content'], der_encoder(sd)) + + encoded_null = der_encoder(univ.Null("")) + + si = sd['signerInfos'][0] + self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm']) + self.assertEqual(encoded_null, si['digestAlgorithm']['parameters']) + + self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm']) + self.assertEqual(encoded_null, si['signatureAlgorithm']['parameters']) + self.assertEqual(64, len(si['signature'])) + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.signed_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) + + si = asn1Object['content']['signerInfos'][0] + self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm']) + self.assertEqual(univ.Null(""), si['digestAlgorithm']['parameters']) + + self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm']) + self.assertEqual(univ.Null(""), si['signatureAlgorithm']['parameters']) + + self.assertEqual(64, len(si['signature'])) + +class KeyAgreeTestCase(unittest.TestCase): + keyagree_pem_text = """\ +MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD +AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm +mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI +L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB +gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD +cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt +MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN +8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq +hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ== +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.keyagree_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) + + ed, rest = der_decoder( + asn1Object['content'], asn1Spec=rfc5652.EnvelopedData()) + self.assertFalse(rest) + self.assertTrue(ed.prettyPrint()) + self.assertEqual(asn1Object['content'], der_encoder(ed)) + + ri = ed['recipientInfos'][0] + alg1 = ri['kari']['originator']['originatorKey']['algorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1, rest = der_decoder( + alg1['parameters'], + asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters()) + self.assertFalse(rest) + self.assertTrue(param1.prettyPrint()) + self.assertEqual(alg1['parameters'], der_encoder(param1)) + + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + self.assertEqual(8, len(ri['kari']['ukm'])) + + alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'], ) + param2, rest = der_decoder( + alg2['parameters'], + asn1Spec=rfc4357.Gost28147_89_Parameters()) + self.assertFalse(rest) + self.assertTrue(param1.prettyPrint()) + self.assertEqual(alg2['parameters'], der_encoder(param2)) + + self.assertEqual(8, len(param2['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet']) + + def testOpenTypes(self): + openTypeMap = { + rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(), + rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(), + } + + substrate = pem.readBase64fromText(self.keyagree_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, + openTypes=openTypeMap, decodeOpenTypes=True) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) + + ri = asn1Object['content']['recipientInfos'][0] + alg1 = ri['kari']['originator']['originatorKey']['algorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1 = alg1['parameters'] + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + self.assertEqual(8, len(ri['kari']['ukm'])) + + alg2 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm']) + param2 = alg2['parameters'] + self.assertEqual(8, len(param2['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet']) + + +class KeyTransportTestCase(unittest.TestCase): + keytrans_pem_text = """\ +MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD +VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x +CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt +cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH +KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5 +dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC +HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd +Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd +BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw== +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.keytrans_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) + + ed, rest = der_decoder( + asn1Object['content'], asn1Spec=rfc5652.EnvelopedData()) + self.assertFalse(rest) + self.assertTrue(ed.prettyPrint()) + self.assertEqual(asn1Object['content'], der_encoder(ed)) + + ri = ed['recipientInfos'][0] + alg1 = ri['ktri']['keyEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1, rest = der_decoder( + alg1['parameters'], asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters()) + self.assertFalse(rest) + self.assertTrue(param1.prettyPrint()) + self.assertEqual(alg1['parameters'], der_encoder(param1)) + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm']) + param2, rest = der_decoder( + alg2['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters()) + self.assertFalse(rest) + self.assertTrue(param2.prettyPrint()) + self.assertEqual(alg2['parameters'], der_encoder(param2)) + self.assertEqual(8, len(param2['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet']) + + def testOpenTypes(self): + openTypeMap = { + rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(), + rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(), + } + + substrate = pem.readBase64fromText(self.keytrans_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, + openTypes=openTypeMap, decodeOpenTypes=True) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + + ri = asn1Object['content']['recipientInfos'][0] + alg1 = ri['ktri']['keyEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1 = alg1['parameters'] + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + alg2 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm']) + param2 = alg2['parameters'] + self.assertEqual(8, len(param2['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet']) + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) diff --git a/tests/test_rfc4490.py b/tests/test_rfc4490.py new file mode 100644 index 0000000..5c3b8cf --- /dev/null +++ b/tests/test_rfc4490.py @@ -0,0 +1,274 @@ +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +import sys +import unittest + +from pyasn1.type import univ + +from pyasn1.codec.der.decoder import decode as der_decoder +from pyasn1.codec.der.encoder import encode as der_encoder + +from pyasn1_modules import pem +from pyasn1_modules import rfc5652 +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc4357 +from pyasn1_modules import rfc4490 + + +class SignedTestCase(unittest.TestCase): + signed_pem_text = """\ +MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG +9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv +c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE +BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t +AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ +P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl +xlHbjbL0jHF+7XKp +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.signed_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) + + sd, rest = der_decoder( + asn1Object['content'], asn1Spec=rfc5652.SignedData()) + self.assertFalse(rest) + self.assertTrue(sd.prettyPrint()) + self.assertEqual(asn1Object['content'], der_encoder(sd)) + + encoded_null = der_encoder(univ.Null("")) + + si = sd['signerInfos'][0] + self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm']) + self.assertEqual(encoded_null, si['digestAlgorithm']['parameters']) + + self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm']) + self.assertEqual(encoded_null, si['signatureAlgorithm']['parameters']) + + sig = rfc4490.GostR3410_2001_Signature() + sig = si['signature'] + self.assertEqual(64, len(sig)) + + def testOpenTypes(self): + substrate = pem.readBase64fromText(self.signed_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_signedData, asn1Object['contentType']) + + si = asn1Object['content']['signerInfos'][0] + self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm']) + self.assertEqual(univ.Null(""), si['digestAlgorithm']['parameters']) + + self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm']) + self.assertEqual(univ.Null(""), si['signatureAlgorithm']['parameters']) + + sig = rfc4490.GostR3410_2001_Signature() + sig = si['signature'] + self.assertEqual(64, len(sig)) + +class KeyAgreeTestCase(unittest.TestCase): + keyagree_pem_text = """\ +MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD +AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm +mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI +L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB +gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD +cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt +MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN +8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq +hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ== +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.keyagree_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) + + ed, rest = der_decoder( + asn1Object['content'], asn1Spec=rfc5652.EnvelopedData()) + self.assertFalse(rest) + self.assertTrue(ed.prettyPrint()) + self.assertEqual(asn1Object['content'], der_encoder(ed)) + + ri = ed['recipientInfos'][0] + alg1 = ri['kari']['originator']['originatorKey']['algorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1, rest = der_decoder( + alg1['parameters'], + asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters()) + self.assertFalse(rest) + self.assertTrue(param1.prettyPrint()) + self.assertEqual(alg1['parameters'], der_encoder(param1)) + + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + self.assertEqual(8, len(ri['kari']['ukm'])) + + alg2 = ri['kari']['keyEncryptionAlgorithm'] + self.assertEqual(rfc4490.id_GostR3410_2001_CryptoPro_ESDH, alg2['algorithm']) + param2, rest = der_decoder( + alg2['parameters'], asn1Spec=rfc4357.AlgorithmIdentifier()) + self.assertFalse(rest) + self.assertTrue(param2.prettyPrint()) + self.assertEqual(alg2['parameters'], der_encoder(param2)) + + self.assertEqual(rfc4490.id_Gost28147_89_None_KeyWrap, param2['algorithm']) + kwa_p, rest = der_decoder( + param2['parameters'], asn1Spec=rfc4490.Gost28147_89_KeyWrapParameters()) + self.assertFalse(rest) + self.assertTrue(kwa_p.prettyPrint()) + self.assertEqual(param2['parameters'], der_encoder(kwa_p)) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, kwa_p['encryptionParamSet']) + + alg3 = ed['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg3['algorithm']) + param3, rest = der_decoder(alg3['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters()) + self.assertFalse(rest) + self.assertTrue(param3.prettyPrint()) + self.assertEqual(alg3['parameters'], der_encoder(param3)) + self.assertEqual(8, len(param3['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param3['encryptionParamSet']) + + def testOpenTypes(self): + openTypeMap = { + rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(), + rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(), + rfc4490.id_GostR3410_2001_CryptoPro_ESDH: rfc5280.AlgorithmIdentifier(), + } + + substrate = pem.readBase64fromText(self.keyagree_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, + openTypes=openTypeMap, decodeOpenTypes=True) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) + + ri = asn1Object['content']['recipientInfos'][0] + alg1 = ri['kari']['originator']['originatorKey']['algorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1 = alg1['parameters'] + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + self.assertEqual(8, len(ri['kari']['ukm'])) + + alg2 = ri['kari']['keyEncryptionAlgorithm'] + self.assertEqual(rfc4490.id_GostR3410_2001_CryptoPro_ESDH, alg2['algorithm']) + param2 = alg2['parameters'] + self.assertEqual(rfc4490.id_Gost28147_89_None_KeyWrap, param2['algorithm']) + kwa_p = param2['parameters'] + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, kwa_p['encryptionParamSet']) + + alg3 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg3['algorithm']) + param3 = alg3['parameters'] + self.assertEqual(8, len(param3['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param3['encryptionParamSet']) + +class KeyTransportTestCase(unittest.TestCase): + keytrans_pem_text = """\ +MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD +VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x +CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt +cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH +KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5 +dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC +HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd +Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd +BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw== +""" + + def setUp(self): + self.asn1Spec = rfc5652.ContentInfo() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.keytrans_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) + + ed, rest = der_decoder( + asn1Object['content'], asn1Spec=rfc5652.EnvelopedData()) + self.assertFalse(rest) + self.assertTrue(ed.prettyPrint()) + self.assertEqual(asn1Object['content'], der_encoder(ed)) + + ri = ed['recipientInfos'][0] + alg1 = ri['ktri']['keyEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1, rest = der_decoder( + alg1['parameters'], asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters()) + self.assertFalse(rest) + self.assertTrue(param1.prettyPrint()) + self.assertEqual(alg1['parameters'], der_encoder(param1)) + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm']) + param2, rest = der_decoder( + alg2['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters()) + self.assertFalse(rest) + self.assertTrue(param2.prettyPrint()) + self.assertEqual(alg2['parameters'], der_encoder(param2)) + self.assertEqual(8, len(param2['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet']) + + def testOpenTypes(self): + openTypeMap = { + rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(), + rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(), + } + + substrate = pem.readBase64fromText(self.keytrans_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, + openTypes=openTypeMap, decodeOpenTypes=True) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + + ri = asn1Object['content']['recipientInfos'][0] + alg1 = ri['ktri']['keyEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) + param1 = alg1['parameters'] + self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) + + alg2 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm'] + self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm']) + param2 = alg2['parameters'] + self.assertEqual(8, len(param2['iv'])) + self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet']) + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) diff --git a/tests/test_rfc4491.py b/tests/test_rfc4491.py new file mode 100644 index 0000000..24b94a9 --- /dev/null +++ b/tests/test_rfc4491.py @@ -0,0 +1,156 @@ +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2019, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +import sys +import unittest + +from pyasn1.codec.der.decoder import decode as der_decoder +from pyasn1.codec.der.encoder import encode as der_encoder + +from pyasn1_modules import pem +from pyasn1_modules import rfc5280 +from pyasn1_modules import rfc4491 +from pyasn1_modules import rfc4357 + + +class GostR341094CertificateTestCase(unittest.TestCase): + gostR3410_94_cert_pem_text = """\ +MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM +FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV +BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w +HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0 +UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS +VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG +BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo +GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo +v2Y5MlyUi8Go/htjEvYJJYfMdRv05YmKCYJo01x3pg+2kBATjeM+fJyR1qwNCCw+ +eMG1wra3Gqgqi0WBkzIydvp7MAgGBiqFAwICBANBABHHCH4S3ALxAiMpR3aPRyqB +g1DjB8zy5DEjiULIc+HeIveF81W9lOxGkZxnrFjXBSqnjLeFKgF1hffXOAP7zUM= +""" + + def setUp(self): + self.asn1Spec = rfc5280.Certificate() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + + sa1 = asn1Object['signatureAlgorithm']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1) + + sa2 = asn1Object['tbsCertificate']['signature']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2) + + spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm'] + self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm']) + + pk_p, rest = der_decoder( + spki_a['parameters'], + asn1Spec=rfc4491.GostR3410_94_PublicKeyParameters()) + + self.assertFalse(rest) + self.assertTrue(pk_p.prettyPrint()) + self.assertEqual(spki_a['parameters'], der_encoder(pk_p)) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, pk_p['digestParamSet']) + + def testOpenTypes(self): + openTypesMap = { + rfc4491.id_GostR3410_94: rfc4491.GostR3410_94_PublicKeyParameters(), + } + + substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, + openTypes=openTypesMap, decodeOpenTypes=True) + + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + + sa1 = asn1Object['signatureAlgorithm']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1) + + sa2 = asn1Object['tbsCertificate']['signature']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2) + + spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm'] + self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet']) + +class GostR34102001CertificateTestCase(unittest.TestCase): + gostR3410_2001_cert_pem_text = """\ +MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM +Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG +A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu +Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW +R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD +VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j +b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1 +CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df +D2a8yuoaYDAIBgYqhQMCAgMDQQA8L8kJRLcnqeyn1en7U23Sw6pkfEQu3u0xFkVP +vFQ/3cHeF26NG+xxtZPz3TaTVXdoiYkXYiD02rEx1bUcM97i +""" + + def setUp(self): + self.asn1Spec = rfc5280.Certificate() + + def testDerCodec(self): + substrate = pem.readBase64fromText(self.gostR3410_2001_cert_pem_text) + asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + + sa1 = asn1Object['signatureAlgorithm']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa1) + + sa2 = asn1Object['tbsCertificate']['signature']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa2) + + spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm'] + self.assertEqual(rfc4491.id_GostR3410_2001, spki_a['algorithm']) + + pk_p, rest = der_decoder( + spki_a['parameters'], asn1Spec=rfc4491.GostR3410_2001_PublicKeyParameters()) + + self.assertFalse(rest) + self.assertTrue(pk_p.prettyPrint()) + self.assertEqual(spki_a['parameters'], der_encoder(pk_p)) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, pk_p['digestParamSet']) + + def testOpenTypes(self): + openTypeMap = { + rfc4491.id_GostR3410_2001: rfc4491.GostR3410_2001_PublicKeyParameters(), + } + + substrate = pem.readBase64fromText(self.gostR3410_2001_cert_pem_text) + asn1Object, rest = der_decoder( + substrate, asn1Spec=self.asn1Spec, + openTypes=openTypeMap, decodeOpenTypes=True) + + self.assertFalse(rest) + self.assertTrue(asn1Object.prettyPrint()) + self.assertEqual(substrate, der_encoder(asn1Object)) + + sa1 = asn1Object['signatureAlgorithm']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa1) + + sa2 = asn1Object['tbsCertificate']['signature']['algorithm'] + self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa2) + + spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm'] + self.assertEqual(rfc4491.id_GostR3410_2001, spki_a['algorithm']) + self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet']) + + +suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__]) + +if __name__ == '__main__': + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) |