# coding: utf-8
# PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2018 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
try:
- from pygost.asn1schemas.cms import Gost2814789Parameters
- from pygost.asn1schemas.pfx import EncryptedData
from pygost.asn1schemas.pfx import OctetStringSafeContents
- from pygost.asn1schemas.pfx import PBES2Params
- from pygost.asn1schemas.pfx import PBKDF2Params
from pygost.asn1schemas.pfx import PFX
from pygost.asn1schemas.pfx import PKCS8ShroudedKeyBag
+ from pygost.asn1schemas.pfx import SafeContents
except ImportError:
pyderasn_exists = False
else:
JSg6M8RBUYpw/8ym5ou1o2nDa09M5zF3BCCpzyCQBI+rzfISeKvPV1ROfcXiYU93
mwcl1xQV2G5/fgICB9A=
""")
- password = u'Пароль для PFX'
+ password = u"Пароль для PFX"
def test_shrouded_key_bag(self):
private_key_info_expected = b64decode(b"""
pfx, tail = PFX().decode(self.pfx_raw)
self.assertSequenceEqual(tail, b"")
- octet_string_safe_contents, tail = OctetStringSafeContents().decode(
- bytes(pfx["authSafe"]["content"]),
- )
- self.assertSequenceEqual(tail, b"")
- outer_safe_contents = octet_string_safe_contents["safeContents"]
-
- octet_string_safe_contents, tail = OctetStringSafeContents().decode(
+ _, outer_safe_contents = pfx["authSafe"]["content"].defined
+ safe_contents, tail = OctetStringSafeContents().decode(
bytes(outer_safe_contents[0]["bagValue"]),
)
self.assertSequenceEqual(tail, b"")
- safe_bag = octet_string_safe_contents["safeContents"][0]
+ safe_bag = safe_contents[0]
shrouded_key_bag, tail = PKCS8ShroudedKeyBag().decode(
bytes(safe_bag["bagValue"]),
)
self.assertSequenceEqual(tail, b"")
- pbes2_params, tail = PBES2Params().decode(
- bytes(shrouded_key_bag["encryptionAlgorithm"]["parameters"]),
- )
- self.assertSequenceEqual(tail, b"")
- pbkdf2_params, tail = PBKDF2Params().decode(
- bytes(pbes2_params["keyDerivationFunc"]["parameters"]),
- )
- self.assertSequenceEqual(tail, b"")
- enc_scheme_params, tail = Gost2814789Parameters().decode(
- bytes(pbes2_params["encryptionScheme"]["parameters"]),
- )
- self.assertSequenceEqual(tail, b"")
+ _, pbes2_params = shrouded_key_bag["encryptionAlgorithm"]["parameters"].defined
+ _, pbkdf2_params = pbes2_params["keyDerivationFunc"]["parameters"].defined
+ _, enc_scheme_params = pbes2_params["encryptionScheme"]["parameters"].defined
key = gost34112012_pbkdf2(
password=self.password.encode("utf-8"),
key,
bytes(shrouded_key_bag["encryptedData"]),
iv=bytes(enc_scheme_params["iv"]),
- sbox="Gost28147_tc26_ParamZ",
+ sbox="id-tc26-gost-28147-param-Z",
),
private_key_info_expected,
)
pfx, tail = PFX().decode(self.pfx_raw)
self.assertSequenceEqual(tail, b"")
- octet_string_safe_contents, tail = OctetStringSafeContents().decode(
- bytes(pfx["authSafe"]["content"]),
- )
- self.assertSequenceEqual(tail, b"")
- outer_safe_contents = octet_string_safe_contents["safeContents"]
-
- encrypted_data, tail = EncryptedData().decode(
- bytes(outer_safe_contents[1]["bagValue"]),
- )
- self.assertSequenceEqual(tail, b"")
- pbes2_params, _ = PBES2Params().decode(
- bytes(encrypted_data["encryptedContentInfo"]["contentEncryptionAlgorithm"]["parameters"]),
- )
- self.assertSequenceEqual(tail, b"")
- pbkdf2_params, tail = PBKDF2Params().decode(
- bytes(pbes2_params["keyDerivationFunc"]["parameters"]),
- )
- self.assertSequenceEqual(tail, b"")
- enc_scheme_params, tail = Gost2814789Parameters().decode(
- bytes(pbes2_params["encryptionScheme"]["parameters"]),
- )
- self.assertSequenceEqual(tail, b"")
+ _, outer_safe_contents = pfx["authSafe"]["content"].defined
+ _, encrypted_data = outer_safe_contents[1]["bagValue"].defined
+ _, pbes2_params = encrypted_data["encryptedContentInfo"]["contentEncryptionAlgorithm"]["parameters"].defined
+ _, pbkdf2_params = pbes2_params["keyDerivationFunc"]["parameters"].defined
+ _, enc_scheme_params = pbes2_params["encryptionScheme"]["parameters"].defined
key = gost34112012_pbkdf2(
password=self.password.encode("utf-8"),
salt=bytes(pbkdf2_params["salt"]["specified"]),
key,
bytes(encrypted_data["encryptedContentInfo"]["encryptedContent"]),
iv=bytes(enc_scheme_params["iv"]),
- sbox="Gost28147_tc26_ParamZ",
+ sbox="id-tc26-gost-28147-param-Z",
),
cert_bag_expected,
)
def test_mac(self):
pfx, tail = PFX().decode(self.pfx_raw)
self.assertSequenceEqual(tail, b"")
- octet_string_safe_contents, tail = OctetStringSafeContents().decode(
- bytes(pfx["authSafe"]["content"]),
- )
- self.assertSequenceEqual(tail, b"")
- outer_safe_contents = octet_string_safe_contents["safeContents"]
-
+ _, outer_safe_contents = pfx["authSafe"]["content"].defined
mac_data = pfx["macData"]
mac_key = gost34112012_pbkdf2(
- password=self.password.encode('utf-8'),
+ password=self.password.encode("utf-8"),
salt=bytes(mac_data["macSalt"]),
iterations=int(mac_data["iterations"]),
dklen=96,
self.assertSequenceEqual(
hmac_new(
key=mac_key,
- msg=outer_safe_contents.encode(),
+ msg=SafeContents(outer_safe_contents).encode(),
digestmod=GOST34112012512,
).digest(),
bytes(mac_data["mac"]["digest"]),