1 from ctypescrypto.pkey import PKey
2 from ctypescrypto import pyver
4 from base64 import b64decode, b16decode
5 from subprocess import Popen,PIPE,CalledProcessError
8 start=s.find('-----\n')
9 finish=s.rfind('\n-----END')
10 data=s[start+6:finish]
11 return b64decode(data)
13 def runopenssl(args,indata):
14 p=Popen(['openssl']+args,stdin=PIPE,stdout=PIPE,stderr=PIPE)
15 (out,err)=p.communicate(indata)
17 raise CalledProcessError(p.returncode," ".join(['openssl']+args)+":"+err)
19 out = out.decode("utf-8")
23 class TestPKey(unittest.TestCase):
24 rsa="""-----BEGIN PRIVATE KEY-----
25 MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAL9CzVZu9bczTmB8
26 776pPUoPo6WbAfwQqqiGrj91bk2mYE+MNLo4yIQH45IcwGzkyS8+YyQJf8Bux5BC
27 oZ2nwzXm5+JZkxkN1mtMzit2D7/hHmrZLoSbr0sxXFrD4a35RI4hXnSK9Sk01sXA
28 Te2OgHzm5nk1sG97G6SFq7CHe3gvAgMBAAECgYAgGV8K7Y5xk7vIt88oyZCOuHc3
29 mP9JRabOp+PgpJ3BjHXHg/lpc5Q7jHNmF0s4O2GEe0z6RFnbevwlOvmS0xAQ1hpg
30 5TnVVkiZvcJeQaZqWIlEOaLqA12YdhSyorfB6p3tfQ7ZmQusg3SCsru5kPJV4sm0
31 I+MuRCQZWSzIqelloQJBAPbtScJI0lXx8sktntZi69cAVvLtz5z1T7bZwFakNkNE
32 SUCjNc/hEEI6/1LScV8Kx9kgQ0+W8smu+GyUDceyVFECQQDGSeS7cTmojkiPQxPB
33 zb0vS+Nfpq6oYsx+gn5TBgMeWIZZrtMEaUU2o+rwsjKBP/gy6D1zC2b4W5O/A/7a
34 1GR/AkBUQhYoKKc1UpExGtMXfrvRKrmAvatZeM/Rqi4aooAtpfCFEOw82iStJOqY
35 /VxYPRqCuaKeVvjT31O/4SlumihxAkBahRU0NKYbuoiJThfQ23lIBB7SZadKG4A7
36 KJs+j3oQ+lyqyFJwqxX7sazpIJBJzMgjhT24LTZenn++LbbEcz1FAkBmDmxoq7qO
37 Ao6uTm8fnkD4C836wS4mYAPqwRBK1JvnEXEQee9irf+ip89BAg74ViTcGF9lwJwQ
39 -----END PRIVATE KEY-----
41 rsaenc="""-----BEGIN RSA PRIVATE KEY-----
42 Proc-Type: 4,ENCRYPTED
43 DEK-Info: AES-256-CBC,7FF0E46291D60D35ACA881131C244655
45 BeJoui1lRQDvvPr+gH8xCdqkcgKCLWpZTvFZmvrqXmPqMHpm20nK0ESAd6kKm8d1
46 zaglRIHnnO6V7aDcwgOd3IYPEOnG2TIRQniZrwZdrXIfacscJ6Ekq+5YfLuyrRgq
47 fscGl7ntm/eGLqwrhzuv7jAXpn9QWiiAld0EWcmZCAW7nGaUQtu4rc4ULwL5SC/M
48 MOCPwpcD3SCQv55dX3cBOtfZ3lPbpgEpTpnNnj8OtxOkkIaG8yol7luwHvoOSyL/
49 WuXGCpfJE4LzbxnSLhbiN7q+y/Sro3cGc9aO4tXToMqTFel4zqR0YgOeFazlDRi1
50 mPuZcGLuSIef0kJn7Mg7jt0DQk579rTVxAhIu2rylTwEozkpCp5g4kGTJON++HQr
51 BRrApm4XlAoH2GX1jqDBoWSnXCRH49jNGQrLwy469i+994cG8uVU9Z5cqm/LDIR9
52 kwQfTJIvMi0g28NBMVgJ2gLj40OczxDGyNvBIbhPNswHljfsvPVr4vtxDGx8fS0N
53 lUJUOL9me+XNZ5xGHYuT5DOr7GE+H3hKEg+XfrYEete9BeI4gm9cqESvrLY9EU5Q
54 tOtnKKL7SglTZ5LxPMAedADC0o01nzr+D3gAiOhSgoZTrnQsSZ7iTJOtm3vNXwJx
55 AgesYmXtr5mdiBPKQ1QA/jF5LUZji+5KENd5WHNQw7tOlMLDrPFVRfLZg1AQDljx
56 u16kdyb71Kk3f6GCOfUntGr+kzppc3DDT+RcLetXphOOEQRy6C6/wmz08WlAPlu5
57 mFfSDijpWxoUHooQISg5mE82oR8V81aBpbLtm7KevwY=
58 -----END RSA PRIVATE KEY-----
60 pkcs8crypt="""-----BEGIN ENCRYPTED PRIVATE KEY-----
61 MIICoTAbBgkqhkiG9w0BBQMwDgQIipVEnsV/gQoCAggABIICgE1i42C4aBhykhOi
62 EItFRE+9iBgiklGxoCJtukdp1UwDRKy/GJJ1rcS385CQy4Rs0zN8NH1faVRbf4Vt
63 iNACHtJx30qMCdo64CR+GJYHS4g2lGaz7PFNma8SjnAbGYXwXkdm5zhwmiU++wC7
64 W59u8oWS8Dj9dZBMzoOQGQT6xzZwQ14H65zHvC16HdKSNtRgXDWkBnD2cQzuOyuf
65 rFLyEf7/FH6B7/yKDcwsEfu97uPPxMvuusD1UubWnltO/Hc2oCPibN+dGw1PY9mC
66 18yGQtZkf5z30yhLosF62IVy3XY9Yf/TJYojIExoASrThGRvENzWkQ3qfnErqmng
67 l+dy66bmLjicobF5bO3xAhpU1dL+4/1ba2QuthVNlg6Or/iII1ntNN4PFyYcEwmX
68 e09C3dyOtV7qCq13S1bRkbZhzwi2QbLKALAzrZpF6VYmayTz8KjQOZ8BncAM+BiI
69 CtwuZJoXLW9kT4D7UsaSZdjUvzBIak5qdCGWpKmahMfjEEsCg6ApuIYmFrCgiY9c
70 0keYjY8DJ+4bEvqsQvTIaU9F9mFytI1E3LnR0NP1jHuOA7Jc+oNQ2adgFNj12jKQ
71 qNt1bEGNCqQHSrw7JNCrB7s+QAFNqJtno6fIq7vVNkqadJlnBbCIgm7NlJeGg9j6
72 a5YVNGlbs0J4dQF4Jw13302IBn3piSzthWL2gL98v/1lEwGuernEpPAjry3YhzM9
73 VA/oVt22n3yVA6dOSVL1oUTJyawEqASmH0jHAzXNDz+QLSLmz82ARcZPqPvVc45e
74 5h0xtqtFVkQLNbYzpNWGrx7R1hdr84nOKa8EsIxTRgEL/w9Y4Z/3xEoK2+KVBpMk
76 -----END ENCRYPTED PRIVATE KEY-----
79 rsakeytext="""Public-Key: (1024 bit)
81 00:bf:42:cd:56:6e:f5:b7:33:4e:60:7c:ef:be:a9:
82 3d:4a:0f:a3:a5:9b:01:fc:10:aa:a8:86:ae:3f:75:
83 6e:4d:a6:60:4f:8c:34:ba:38:c8:84:07:e3:92:1c:
84 c0:6c:e4:c9:2f:3e:63:24:09:7f:c0:6e:c7:90:42:
85 a1:9d:a7:c3:35:e6:e7:e2:59:93:19:0d:d6:6b:4c:
86 ce:2b:76:0f:bf:e1:1e:6a:d9:2e:84:9b:af:4b:31:
87 5c:5a:c3:e1:ad:f9:44:8e:21:5e:74:8a:f5:29:34:
88 d6:c5:c0:4d:ed:8e:80:7c:e6:e6:79:35:b0:6f:7b:
89 1b:a4:85:ab:b0:87:7b:78:2f
90 Exponent: 65537 (0x10001)
92 ec1priv="""-----BEGIN PRIVATE KEY-----
93 MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgKnG6neqZvB98EEuuxnHs
94 fv+L/5abuNNG20wzUqRpncOhRANCAARWKXWeUZ6WiCKZ2kHx87jmJyx0G3ZB1iQC
95 +Gp2AJYswbQPhGPigKolzIbZYfwnn7QOca6N8QDhPAn3QQK8trZI
96 -----END PRIVATE KEY-----
98 ec1keytext="""Public-Key: (256 bit)
100 04:56:29:75:9e:51:9e:96:88:22:99:da:41:f1:f3:
101 b8:e6:27:2c:74:1b:76:41:d6:24:02:f8:6a:76:00:
102 96:2c:c1:b4:0f:84:63:e2:80:aa:25:cc:86:d9:61:
103 fc:27:9f:b4:0e:71:ae:8d:f1:00:e1:3c:09:f7:41:
107 ec1pub="""-----BEGIN PUBLIC KEY-----
108 MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVil1nlGelogimdpB8fO45icsdBt2QdYk
109 AvhqdgCWLMG0D4Rj4oCqJcyG2WH8J5+0DnGujfEA4TwJ90ECvLa2SA==
110 -----END PUBLIC KEY-----
113 def test_unencrypted_pem(self):
114 key=PKey(privkey=self.rsa)
115 self.assertTrue(key.cansign)
116 self.assertIsNotNone(key.key)
117 self.assertEqual(str(key),self.rsakeytext)
118 def test_encrypted_pem(self):
119 key=PKey(privkey=self.rsaenc,password=self.password)
120 self.assertIsNotNone(key.key)
121 self.assertEqual(str(key),self.rsakeytext)
122 def test_encrypted_pem_cb(self):
123 cb=lambda x:self.password
124 key=PKey(privkey=self.rsaenc,password=cb)
125 self.assertIsNotNone(key.key)
126 self.assertEqual(str(key),self.rsakeytext)
127 def test_encryped_pem_pkcs8(self):
128 key=PKey(privkey=self.pkcs8crypt,password=self.password)
129 self.assertIsNotNone(key.key)
130 self.assertEqual(str(key),self.rsakeytext)
131 def test_encrypted_der_pkcs8(self):
132 pkcs8der = pem2der(self.pkcs8crypt)
133 key=PKey(privkey=pkcs8der,password=self.password,format="DER")
134 self.assertIsNotNone(key.key)
135 self.assertEqual(str(key),self.rsakeytext)
136 def test_export_priv_pem(self):
137 key=PKey(privkey=self.ec1priv)
139 self.assertEqual(self.ec1priv,out)
140 def test_export_priv_encrypt(self):
141 from ctypescrypto.cipher import CipherType
142 key=PKey(privkey=self.rsa)
143 pem=key.exportpriv(password='2222',cipher=CipherType("aes256"))
145 pem = pem.encode("ascii")
146 self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-passin","pass:2222"],
147 pem),self.rsakeytext)
148 def test_export_priv_der(self):
149 key=PKey(privkey=self.rsa)
150 der=key.exportpriv(format="DER")
151 self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-inform","DER"],
152 der),self.rsakeytext)
153 def test_export_priv_der_enc(self):
154 from ctypescrypto.cipher import CipherType
155 key=PKey(privkey=self.rsa)
156 der=key.exportpriv(format="DER",password='2222',cipher=CipherType("aes256"))
157 self.assertEqual(runopenssl(["pkcs8","-passin","pass:2222","-inform","DER"],
159 def test_unencrypted_pem_ec(self):
161 key=PKey(privkey=self.ec1priv)
162 self.assertIsNotNone(key.key)
163 self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
164 def test_unencrypted_der_ec(self):
165 key=PKey(privkey=pem2der(self.ec1priv),format="DER")
166 self.assertIsNotNone(key.key)
167 self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
168 def test_pubkey_pem(self):
169 key=PKey(pubkey=self.ec1pub)
170 self.assertIsNotNone(key.key)
171 self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
172 def test_pubkey_der(self):
173 key=PKey(pubkey=pem2der(self.ec1pub),format="DER")
174 self.assertIsNotNone(key.key)
175 self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
176 def test_compare(self):
177 key1=PKey(privkey=self.ec1priv)
178 self.assertIsNotNone(key1.key)
179 key2=PKey(pubkey=self.ec1pub)
180 self.assertIsNotNone(key2.key)
181 self.assertEqual(key1,key2)
183 signer=PKey(privkey=self.ec1priv)
184 digest=b16decode("FFCA2587CFD4846E4CB975B503C9EB940F94566AA394E8BD571458B9DA5097D5")
185 signature=signer.sign(digest)
186 self.assertTrue(len(signature)>0)
187 verifier=PKey(pubkey=self.ec1pub)
188 self.assertTrue(verifier.verify(digest,signature))
189 def test_generate(self):
190 newkey=PKey.generate("rsa")
191 self.assertIsNotNone(newkey.key)
193 self.assertEqual(s[:s.find("\n")],"Public-Key: (1024 bit)")
194 def test_generate_params(self):
195 newkey=PKey.generate("rsa",rsa_keygen_bits=2048)
196 self.assertIsNotNone(newkey.key)
198 self.assertEqual(s[:s.find("\n")],"Public-Key: (2048 bit)")
199 def test_generate_ec(self):
200 templkey=PKey(pubkey=self.ec1pub)
201 newkey=PKey.generate("ec",paramsfrom=templkey)
202 self.assertIsNotNone(newkey.key)
204 self.assertEqual(s[:s.find("\n")],"Public-Key: (256 bit)")
205 self.assertNotEqual(str(templkey),str(newkey))
206 if __name__ == "__main__":