2016-01-17 23:04:11 +01:00
|
|
|
# ===================================================================
|
|
|
|
|
#
|
|
|
|
|
# Copyright (c) 2015, Legrandin <helderijs@gmail.com>
|
|
|
|
|
# All rights reserved.
|
|
|
|
|
#
|
|
|
|
|
# Redistribution and use in source and binary forms, with or without
|
|
|
|
|
# modification, are permitted provided that the following conditions
|
|
|
|
|
# are met:
|
|
|
|
|
#
|
|
|
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
# notice, this list of conditions and the following disclaimer.
|
|
|
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
# notice, this list of conditions and the following disclaimer in
|
|
|
|
|
# the documentation and/or other materials provided with the
|
|
|
|
|
# distribution.
|
|
|
|
|
#
|
|
|
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
|
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
|
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
|
|
|
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
|
|
|
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
|
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
|
|
|
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
|
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
|
|
|
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
|
|
|
|
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
# POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
# ===================================================================
|
|
|
|
|
|
|
|
|
|
import unittest
|
|
|
|
|
from Crypto.SelfTest.st_common import list_test_cases
|
|
|
|
|
from Crypto.Util._file_system import pycryptodome_filename
|
2016-01-26 22:05:02 +01:00
|
|
|
from Crypto.Util.py3compat import b, unhexlify, bord, tostr
|
2016-01-17 23:04:11 +01:00
|
|
|
from Crypto.Util.number import bytes_to_long
|
|
|
|
|
|
|
|
|
|
from Crypto.PublicKey import ECC
|
|
|
|
|
|
2016-01-27 08:44:43 +01:00
|
|
|
def load_file(filename, mode="rb"):
|
2016-01-17 23:04:11 +01:00
|
|
|
fd = open(pycryptodome_filename([
|
|
|
|
|
"Crypto",
|
|
|
|
|
"SelfTest",
|
|
|
|
|
"PublicKey",
|
|
|
|
|
"test_vectors",
|
|
|
|
|
"ECC",
|
2016-01-27 08:44:43 +01:00
|
|
|
], filename), mode)
|
2016-01-17 23:04:11 +01:00
|
|
|
return fd.read()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def compact(lines):
|
2016-01-26 22:05:02 +01:00
|
|
|
ext = b("").join(lines)
|
|
|
|
|
return unhexlify(tostr(ext).replace(" ", "").replace(":", ""))
|
2016-01-17 23:04:11 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_ref_keys():
|
|
|
|
|
key_lines = load_file("ecc_p256.txt").splitlines()
|
|
|
|
|
private_key_d = bytes_to_long(compact(key_lines[2:5]))
|
|
|
|
|
public_key_xy = compact(key_lines[6:11])
|
|
|
|
|
assert bord(public_key_xy[0]) == 4 # Uncompressed
|
|
|
|
|
public_key_x = bytes_to_long(public_key_xy[1:33])
|
|
|
|
|
public_key_y = bytes_to_long(public_key_xy[33:])
|
|
|
|
|
|
|
|
|
|
return (ECC.construct(curve="P-256", d=private_key_d),
|
|
|
|
|
ECC.construct(curve="P-256", point_x=public_key_x, point_y=public_key_y))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Create reference key pair
|
|
|
|
|
ref_private, ref_public = create_ref_keys()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class TestImport(unittest.TestCase):
|
|
|
|
|
|
|
|
|
|
def test_import_public_der(self):
|
|
|
|
|
key_file = load_file("ecc_p256_public.der")
|
|
|
|
|
|
|
|
|
|
key = ECC._import_subjectPublicKeyInfo(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
|
|
|
|
key = ECC._import_der(key_file, None)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
2016-01-26 22:05:02 +01:00
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
2016-01-17 23:04:11 +01:00
|
|
|
def test_import_private_der(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private.der")
|
|
|
|
|
|
|
|
|
|
key = ECC._import_private_der(key_file, None)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
|
|
|
|
key = ECC._import_der(key_file, None)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
2016-01-26 22:05:02 +01:00
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
2016-01-17 23:04:11 +01:00
|
|
|
def test_import_private_pkcs8_clear(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private_p8_clear.der")
|
|
|
|
|
|
|
|
|
|
key = ECC._import_der(key_file, None)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
2016-01-26 22:05:02 +01:00
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
2016-01-27 08:44:43 +01:00
|
|
|
def test_import_private_pkcs8_in_pem_clear(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private_p8_clear.pem")
|
|
|
|
|
|
|
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
|
|
|
|
def test_import_private_pkcs8_encrypted_1(self):
|
2016-01-25 21:00:46 +01:00
|
|
|
key_file = load_file("ecc_p256_private_p8.der")
|
|
|
|
|
|
|
|
|
|
key = ECC._import_der(key_file, "secret")
|
|
|
|
|
self.assertEqual(ref_private, key)
|
2016-01-17 23:04:11 +01:00
|
|
|
|
2016-01-26 22:05:02 +01:00
|
|
|
key = ECC.import_key(key_file, "secret")
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
2016-01-27 08:44:43 +01:00
|
|
|
def test_import_private_pkcs8_encrypted_2(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private_p8.pem")
|
|
|
|
|
|
|
|
|
|
key = ECC.import_key(key_file, "secret")
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
2016-01-26 21:02:55 +01:00
|
|
|
def test_import_x509_der(self):
|
|
|
|
|
key_file = load_file("ecc_p256_x509.der")
|
|
|
|
|
|
|
|
|
|
key = ECC._import_der(key_file, None)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
2016-01-26 22:05:02 +01:00
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
|
|
|
|
def test_import_public_pem(self):
|
|
|
|
|
key_file = load_file("ecc_p256_public.pem")
|
|
|
|
|
|
|
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
|
|
|
|
def test_import_private_pem(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private.pem")
|
|
|
|
|
|
|
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_private, key)
|
|
|
|
|
|
|
|
|
|
def test_import_private_pem_encrypted(self):
|
2016-01-27 08:44:43 +01:00
|
|
|
for algo in "des3", : # TODO: , "aes128", "aes192", "aes256_gcm":
|
|
|
|
|
key_file = load_file("ecc_p256_private_enc_%s.pem" % algo)
|
2016-01-26 22:05:02 +01:00
|
|
|
|
2016-01-27 08:44:43 +01:00
|
|
|
key = ECC.import_key(key_file, "secret")
|
|
|
|
|
self.assertEqual(ref_private, key)
|
2016-01-26 22:05:02 +01:00
|
|
|
|
2016-01-27 08:44:43 +01:00
|
|
|
key = ECC.import_key(tostr(key_file), b("secret"))
|
|
|
|
|
self.assertEqual(ref_private, key)
|
2016-01-26 22:05:02 +01:00
|
|
|
|
|
|
|
|
def test_import_x509_pem(self):
|
|
|
|
|
key_file = load_file("ecc_p256_x509.pem")
|
|
|
|
|
|
|
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
|
|
|
|
def test_import_openssh(self):
|
|
|
|
|
key_file = load_file("ecc_p256_public_openssh.txt")
|
|
|
|
|
|
|
|
|
|
key = ECC._import_openssh(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
|
|
|
|
|
|
|
|
|
key = ECC.import_key(key_file)
|
|
|
|
|
self.assertEqual(ref_public, key)
|
2016-01-26 21:02:55 +01:00
|
|
|
|
2016-01-17 23:04:11 +01:00
|
|
|
|
2016-01-27 08:44:43 +01:00
|
|
|
class TestExport(unittest.TestCase):
|
|
|
|
|
|
|
|
|
|
def test_export_public_der(self):
|
|
|
|
|
key_file = load_file("ecc_p256_public.der")
|
|
|
|
|
|
|
|
|
|
encoded = ref_public._export_subjectPublicKeyInfo()
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_public.export_key(format="DER")
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_der(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private.der")
|
|
|
|
|
|
|
|
|
|
encoded = ref_private._export_private_der()
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="DER", use_pkcs8=False)
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_pkcs8_clear(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private_p8_clear.der")
|
|
|
|
|
|
|
|
|
|
encoded = ref_private._export_pkcs8()
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="DER")
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_pkcs8_encrypted(self):
|
|
|
|
|
encoded = ref_private._export_pkcs8(passphrase="secret",
|
|
|
|
|
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
|
|
|
|
|
|
|
|
|
|
# This should prove that the output is password-protected
|
|
|
|
|
self.assertRaises(ValueError, ECC._import_pkcs8, encoded, None)
|
|
|
|
|
|
|
|
|
|
decoded = ECC._import_pkcs8(encoded, "secret")
|
|
|
|
|
self.assertEqual(ref_private, decoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="DER",
|
|
|
|
|
passphrase="secret",
|
|
|
|
|
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
|
|
|
|
|
decoded = ECC.import_key(encoded, "secret")
|
|
|
|
|
self.assertEqual(ref_private, decoded)
|
|
|
|
|
|
|
|
|
|
def test_export_public_pem(self):
|
|
|
|
|
key_file = load_file("ecc_p256_public.pem", "rt").strip()
|
|
|
|
|
|
|
|
|
|
encoded = ref_private._export_public_pem()
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_public.export_key(format="PEM")
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_pem_clear(self):
|
|
|
|
|
key_file = load_file("ecc_p256_private.pem", "rt").strip()
|
|
|
|
|
|
|
|
|
|
encoded = ref_private._export_private_pem(None)
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="PEM", use_pkcs8=False)
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_pem_encrypted(self):
|
|
|
|
|
encoded = ref_private._export_private_pem(passphrase=b("secret"))
|
|
|
|
|
|
|
|
|
|
# This should prove that the output is password-protected
|
|
|
|
|
self.assertRaises(ValueError, ECC.import_key, encoded)
|
|
|
|
|
|
|
|
|
|
assert "EC PRIVATE KEY" in encoded
|
|
|
|
|
|
|
|
|
|
decoded = ECC.import_key(encoded, "secret")
|
|
|
|
|
self.assertEqual(ref_private, decoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="PEM",
|
|
|
|
|
passphrase="secret",
|
|
|
|
|
use_pkcs8=False)
|
|
|
|
|
decoded = ECC.import_key(encoded, "secret")
|
|
|
|
|
self.assertEqual(ref_private, decoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_pkcs8_and_pem_1(self):
|
|
|
|
|
# PKCS8 inside PEM with both unencrypted
|
|
|
|
|
key_file = load_file("ecc_p256_private_p8_clear.pem", "rt").strip()
|
|
|
|
|
|
|
|
|
|
encoded = ref_private._export_private_clear_pkcs8_in_clear_pem()
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="PEM")
|
|
|
|
|
self.assertEqual(key_file, encoded)
|
|
|
|
|
|
|
|
|
|
def test_export_private_pkcs8_and_pem_2(self):
|
|
|
|
|
# PKCS8 inside PEM with PKCS8 encryption
|
|
|
|
|
encoded = ref_private._export_private_encrypted_pkcs8_in_clear_pem("secret",
|
|
|
|
|
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
|
|
|
|
|
|
|
|
|
|
# This should prove that the output is password-protected
|
|
|
|
|
self.assertRaises(ValueError, ECC.import_key, encoded)
|
|
|
|
|
|
|
|
|
|
assert "ENCRYPTED PRIVATE KEY" in encoded
|
|
|
|
|
|
|
|
|
|
decoded = ECC.import_key(encoded, "secret")
|
|
|
|
|
self.assertEqual(ref_private, decoded)
|
|
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
|
|
|
|
|
encoded = ref_private.export_key(format="PEM",
|
|
|
|
|
passphrase="secret",
|
|
|
|
|
protection="PBKDF2WithHMAC-SHA1AndAES128-CBC")
|
|
|
|
|
decoded = ECC.import_key(encoded, "secret")
|
|
|
|
|
self.assertEqual(ref_private, decoded)
|
|
|
|
|
|
|
|
|
|
|
2016-01-17 23:04:11 +01:00
|
|
|
def get_tests(config={}):
|
|
|
|
|
tests = []
|
|
|
|
|
tests += list_test_cases(TestImport)
|
2016-01-27 08:44:43 +01:00
|
|
|
tests += list_test_cases(TestExport)
|
2016-01-17 23:04:11 +01:00
|
|
|
return tests
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
suite = lambda: unittest.TestSuite(get_tests())
|
|
|
|
|
unittest.main(defaultTest='suite')
|
