tests/testpkey.py

   1 from ctypescrypto.pkey import PKey
   2 from ctypescrypto import pyver
   3 import unittest,re
   4 from base64 import b64decode, b16decode
   5 from subprocess import Popen,PIPE,CalledProcessError
   6
   7 def pem2der(s):
   8     start=s.find('-----\n')
   9     finish=s.rfind('\n-----END')
  10     data=s[start+6:finish]
  11     return b64decode(data)
  12
  13 def runopenssl(args,indata):
  14     p=Popen(['openssl']+args,stdin=PIPE,stdout=PIPE,stderr=PIPE)
  15     (out,err)=p.communicate(indata)
  16     if p.returncode:
  17         raise CalledProcessError(p.returncode," ".join(['openssl']+args)+":"+err)
  18     if pyver > 2:
  19         out = out.decode("utf-8")
  20     return out
  21
  22
  23 class TestPKey(unittest.TestCase):
  24     rsa="""-----BEGIN PRIVATE KEY-----
  25 MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAL9CzVZu9bczTmB8
  26 776pPUoPo6WbAfwQqqiGrj91bk2mYE+MNLo4yIQH45IcwGzkyS8+YyQJf8Bux5BC
  27 oZ2nwzXm5+JZkxkN1mtMzit2D7/hHmrZLoSbr0sxXFrD4a35RI4hXnSK9Sk01sXA
  28 Te2OgHzm5nk1sG97G6SFq7CHe3gvAgMBAAECgYAgGV8K7Y5xk7vIt88oyZCOuHc3
  29 mP9JRabOp+PgpJ3BjHXHg/lpc5Q7jHNmF0s4O2GEe0z6RFnbevwlOvmS0xAQ1hpg
  30 5TnVVkiZvcJeQaZqWIlEOaLqA12YdhSyorfB6p3tfQ7ZmQusg3SCsru5kPJV4sm0
  31 I+MuRCQZWSzIqelloQJBAPbtScJI0lXx8sktntZi69cAVvLtz5z1T7bZwFakNkNE
  32 SUCjNc/hEEI6/1LScV8Kx9kgQ0+W8smu+GyUDceyVFECQQDGSeS7cTmojkiPQxPB
  33 zb0vS+Nfpq6oYsx+gn5TBgMeWIZZrtMEaUU2o+rwsjKBP/gy6D1zC2b4W5O/A/7a
  34 1GR/AkBUQhYoKKc1UpExGtMXfrvRKrmAvatZeM/Rqi4aooAtpfCFEOw82iStJOqY
  35 /VxYPRqCuaKeVvjT31O/4SlumihxAkBahRU0NKYbuoiJThfQ23lIBB7SZadKG4A7
  36 KJs+j3oQ+lyqyFJwqxX7sazpIJBJzMgjhT24LTZenn++LbbEcz1FAkBmDmxoq7qO
  37 Ao6uTm8fnkD4C836wS4mYAPqwRBK1JvnEXEQee9irf+ip89BAg74ViTcGF9lwJwQ
  38 gOM+X5Db+3pK
  39 -----END PRIVATE KEY-----
  40 """
  41     rsaenc="""-----BEGIN RSA PRIVATE KEY-----
  42 Proc-Type: 4,ENCRYPTED
  43 DEK-Info: AES-256-CBC,7FF0E46291D60D35ACA881131C244655
  44
  45 BeJoui1lRQDvvPr+gH8xCdqkcgKCLWpZTvFZmvrqXmPqMHpm20nK0ESAd6kKm8d1
  46 zaglRIHnnO6V7aDcwgOd3IYPEOnG2TIRQniZrwZdrXIfacscJ6Ekq+5YfLuyrRgq
  47 fscGl7ntm/eGLqwrhzuv7jAXpn9QWiiAld0EWcmZCAW7nGaUQtu4rc4ULwL5SC/M
  48 MOCPwpcD3SCQv55dX3cBOtfZ3lPbpgEpTpnNnj8OtxOkkIaG8yol7luwHvoOSyL/
  49 WuXGCpfJE4LzbxnSLhbiN7q+y/Sro3cGc9aO4tXToMqTFel4zqR0YgOeFazlDRi1
  50 mPuZcGLuSIef0kJn7Mg7jt0DQk579rTVxAhIu2rylTwEozkpCp5g4kGTJON++HQr
  51 BRrApm4XlAoH2GX1jqDBoWSnXCRH49jNGQrLwy469i+994cG8uVU9Z5cqm/LDIR9
  52 kwQfTJIvMi0g28NBMVgJ2gLj40OczxDGyNvBIbhPNswHljfsvPVr4vtxDGx8fS0N
  53 lUJUOL9me+XNZ5xGHYuT5DOr7GE+H3hKEg+XfrYEete9BeI4gm9cqESvrLY9EU5Q
  54 tOtnKKL7SglTZ5LxPMAedADC0o01nzr+D3gAiOhSgoZTrnQsSZ7iTJOtm3vNXwJx
  55 AgesYmXtr5mdiBPKQ1QA/jF5LUZji+5KENd5WHNQw7tOlMLDrPFVRfLZg1AQDljx
  56 u16kdyb71Kk3f6GCOfUntGr+kzppc3DDT+RcLetXphOOEQRy6C6/wmz08WlAPlu5
  57 mFfSDijpWxoUHooQISg5mE82oR8V81aBpbLtm7KevwY=
  58 -----END RSA PRIVATE KEY-----
  59 """
  60     pkcs8crypt="""-----BEGIN ENCRYPTED PRIVATE KEY-----
  61 MIICoTAbBgkqhkiG9w0BBQMwDgQIipVEnsV/gQoCAggABIICgE1i42C4aBhykhOi
  62 EItFRE+9iBgiklGxoCJtukdp1UwDRKy/GJJ1rcS385CQy4Rs0zN8NH1faVRbf4Vt
  63 iNACHtJx30qMCdo64CR+GJYHS4g2lGaz7PFNma8SjnAbGYXwXkdm5zhwmiU++wC7
  64 W59u8oWS8Dj9dZBMzoOQGQT6xzZwQ14H65zHvC16HdKSNtRgXDWkBnD2cQzuOyuf
  65 rFLyEf7/FH6B7/yKDcwsEfu97uPPxMvuusD1UubWnltO/Hc2oCPibN+dGw1PY9mC
  66 18yGQtZkf5z30yhLosF62IVy3XY9Yf/TJYojIExoASrThGRvENzWkQ3qfnErqmng
  67 l+dy66bmLjicobF5bO3xAhpU1dL+4/1ba2QuthVNlg6Or/iII1ntNN4PFyYcEwmX
  68 e09C3dyOtV7qCq13S1bRkbZhzwi2QbLKALAzrZpF6VYmayTz8KjQOZ8BncAM+BiI
  69 CtwuZJoXLW9kT4D7UsaSZdjUvzBIak5qdCGWpKmahMfjEEsCg6ApuIYmFrCgiY9c
  70 0keYjY8DJ+4bEvqsQvTIaU9F9mFytI1E3LnR0NP1jHuOA7Jc+oNQ2adgFNj12jKQ
  71 qNt1bEGNCqQHSrw7JNCrB7s+QAFNqJtno6fIq7vVNkqadJlnBbCIgm7NlJeGg9j6
  72 a5YVNGlbs0J4dQF4Jw13302IBn3piSzthWL2gL98v/1lEwGuernEpPAjry3YhzM9
  73 VA/oVt22n3yVA6dOSVL1oUTJyawEqASmH0jHAzXNDz+QLSLmz82ARcZPqPvVc45e
  74 5h0xtqtFVkQLNbYzpNWGrx7R1hdr84nOKa8EsIxTRgEL/w9Y4Z/3xEoK2+KVBpMk
  75 oxUuxuU=
  76 -----END ENCRYPTED PRIVATE KEY-----
  77 """
  78     password="1111"
  79     rsakeytext="""Public-Key: (1024 bit)
  80 Modulus:
  81     00:bf:42:cd:56:6e:f5:b7:33:4e:60:7c:ef:be:a9:
  82     3d:4a:0f:a3:a5:9b:01:fc:10:aa:a8:86:ae:3f:75:
  83     6e:4d:a6:60:4f:8c:34:ba:38:c8:84:07:e3:92:1c:
  84     c0:6c:e4:c9:2f:3e:63:24:09:7f:c0:6e:c7:90:42:
  85     a1:9d:a7:c3:35:e6:e7:e2:59:93:19:0d:d6:6b:4c:
  86     ce:2b:76:0f:bf:e1:1e:6a:d9:2e:84:9b:af:4b:31:
  87     5c:5a:c3:e1:ad:f9:44:8e:21:5e:74:8a:f5:29:34:
  88     d6:c5:c0:4d:ed:8e:80:7c:e6:e6:79:35:b0:6f:7b:
  89     1b:a4:85:ab:b0:87:7b:78:2f
  90 Exponent: 65537 (0x10001)
  91 """
  92     ec1priv="""-----BEGIN PRIVATE KEY-----
  93 MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgKnG6neqZvB98EEuuxnHs
  94 fv+L/5abuNNG20wzUqRpncOhRANCAARWKXWeUZ6WiCKZ2kHx87jmJyx0G3ZB1iQC
  95 +Gp2AJYswbQPhGPigKolzIbZYfwnn7QOca6N8QDhPAn3QQK8trZI
  96 -----END PRIVATE KEY-----
  97 """
  98     ec1keytext="""Public-Key: (256 bit)
  99 pub:
 100     04:56:29:75:9e:51:9e:96:88:22:99:da:41:f1:f3:
 101     b8:e6:27:2c:74:1b:76:41:d6:24:02:f8:6a:76:00:
 102     96:2c:c1:b4:0f:84:63:e2:80:aa:25:cc:86:d9:61:
 103     fc:27:9f:b4:0e:71:ae:8d:f1:00:e1:3c:09:f7:41:
 104     02:bc:b6:b6:48
 105 ASN1 OID: secp256k1
 106 """
 107     ec1pub="""-----BEGIN PUBLIC KEY-----
 108 MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVil1nlGelogimdpB8fO45icsdBt2QdYk
 109 AvhqdgCWLMG0D4Rj4oCqJcyG2WH8J5+0DnGujfEA4TwJ90ECvLa2SA==
 110 -----END PUBLIC KEY-----
 111 """
 112
 113     def test_unencrypted_pem(self):
 114         key=PKey(privkey=self.rsa)
 115         self.assertTrue(key.cansign)
 116         self.assertIsNotNone(key.key)
 117         self.assertEqual(str(key),self.rsakeytext)
 118     def test_encrypted_pem(self):
 119         key=PKey(privkey=self.rsaenc,password=self.password)
 120         self.assertIsNotNone(key.key)
 121         self.assertEqual(str(key),self.rsakeytext)
 122     def test_encrypted_pem_cb(self):
 123         cb=lambda x:self.password
 124         key=PKey(privkey=self.rsaenc,password=cb)
 125         self.assertIsNotNone(key.key)
 126         self.assertEqual(str(key),self.rsakeytext)
 127     def test_encryped_pem_pkcs8(self):
 128         key=PKey(privkey=self.pkcs8crypt,password=self.password)
 129         self.assertIsNotNone(key.key)
 130         self.assertEqual(str(key),self.rsakeytext)
 131     def test_encrypted_der_pkcs8(self):
 132         pkcs8der = pem2der(self.pkcs8crypt)
 133         key=PKey(privkey=pkcs8der,password=self.password,format="DER")
 134         self.assertIsNotNone(key.key)
 135         self.assertEqual(str(key),self.rsakeytext)
 136     def test_export_priv_pem(self):
 137         key=PKey(privkey=self.ec1priv)
 138         out=key.exportpriv()
 139         self.assertEqual(self.ec1priv,out)
 140     def test_export_priv_encrypt(self):
 141         from ctypescrypto.cipher import CipherType
 142         key=PKey(privkey=self.rsa)
 143         pem=key.exportpriv(password='2222',cipher=CipherType("aes256"))
 144         if pyver >2:
 145             pem = pem.encode("ascii")
 146         self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-passin","pass:2222"],
 147                                     pem),self.rsakeytext)
 148     def test_export_priv_der(self):
 149         key=PKey(privkey=self.rsa)
 150         der=key.exportpriv(format="DER")
 151         self.assertEqual(runopenssl(["pkey","-text_pub","-noout","-inform","DER"],
 152             der),self.rsakeytext)
 153     def test_export_priv_der_enc(self):
 154         from ctypescrypto.cipher import CipherType
 155         key=PKey(privkey=self.rsa)
 156         der=key.exportpriv(format="DER",password='2222',cipher=CipherType("aes256"))
 157         self.assertEqual(runopenssl(["pkcs8","-passin","pass:2222","-inform","DER"],
 158             der),self.rsa)
 159     def test_unencrypted_pem_ec(self):
 160
 161         key=PKey(privkey=self.ec1priv)
 162         self.assertIsNotNone(key.key)
 163         self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
 164     def test_unencrypted_der_ec(self):
 165         key=PKey(privkey=pem2der(self.ec1priv),format="DER")
 166         self.assertIsNotNone(key.key)
 167         self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
 168     def test_pubkey_pem(self):
 169         key=PKey(pubkey=self.ec1pub)
 170         self.assertIsNotNone(key.key)
 171         self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
 172     def test_pubkey_der(self):
 173         key=PKey(pubkey=pem2der(self.ec1pub),format="DER")
 174         self.assertIsNotNone(key.key)
 175         self.assertEqual(re.sub("pub: \n","pub:\n",str(key)),self.ec1keytext)
 176     def test_compare(self):
 177         key1=PKey(privkey=self.ec1priv)
 178         self.assertIsNotNone(key1.key)
 179         key2=PKey(pubkey=self.ec1pub)
 180         self.assertIsNotNone(key2.key)
 181         self.assertEqual(key1,key2)
 182     def test_sign(self):
 183         signer=PKey(privkey=self.ec1priv)
 184         digest=b16decode("FFCA2587CFD4846E4CB975B503C9EB940F94566AA394E8BD571458B9DA5097D5")
 185         signature=signer.sign(digest)
 186         self.assertTrue(len(signature)>0)
 187         verifier=PKey(pubkey=self.ec1pub)
 188         self.assertTrue(verifier.verify(digest,signature))
 189     def test_generate(self):
 190         newkey=PKey.generate("rsa")
 191         self.assertIsNotNone(newkey.key)
 192         s=str(newkey)
 193         self.assertEqual(s[:s.find("\n")],"Public-Key: (1024 bit)")
 194     def test_generate_params(self):
 195         newkey=PKey.generate("rsa",rsa_keygen_bits=2048)
 196         self.assertIsNotNone(newkey.key)
 197         s=str(newkey)
 198         self.assertEqual(s[:s.find("\n")],"Public-Key: (2048 bit)")
 199     def test_generate_ec(self):
 200         templkey=PKey(pubkey=self.ec1pub)
 201         newkey=PKey.generate("ec",paramsfrom=templkey)
 202         self.assertIsNotNone(newkey.key)
 203         s=str(newkey)
 204         self.assertEqual(s[:s.find("\n")],"Public-Key: (256 bit)")
 205         self.assertNotEqual(str(templkey),str(newkey))
 206 if __name__ == "__main__":
 207     unittest.main()