author | Russ Housley <housley@vigilsec.com> | 2019-10-20 02:00:29 -0400 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-10-20 08:00:29 +0200 |
commit | da35e37e01f12711f00e41a46f2cbe79311285e7 (patch) | |
tree | 8ee52ac3c6e7ebfc1c7c659cf4ec9300a6adbfef | |
parent | aee190c5031fba3d6742b2a46091401ca5d1f544 (diff) | |
Add support for RFC 6955 (#88)
-rw-r--r-- | CHANGES.txt | 1 | ||||
-rw-r--r-- | pyasn1_modules/rfc6955.py | 108 | ||||
-rw-r--r-- | tests/__main__.py | 1 | ||||
-rw-r--r-- | tests/test_rfc6955.py | 99 |
4 files changed, 209 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 6b60f37..f4f03f7 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -8,6 +8,7 @@ Revision 0.2.8, released XX-XX-2019
 - Added RFC7229 providing OIDs for Test Certificate Policies
 - Added tests for RFC3280, RFC3281, RFC3852, and RFC4211
 - Added RFC6960 providing Online Certificate Status Protocol (OCSP)
+- Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms
 Revision 0.2.7, released 09-10-2019
 -----------------------------------
diff --git a/pyasn1_modules/rfc6955.py b/pyasn1_modules/rfc6955.py
new file mode 100644
index 0000000..09f2d65
--- /dev/null
+++ b/pyasn1_modules/rfc6955.py
@@ -0,0 +1,108 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Diffie-Hellman Proof-of-Possession Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6955.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc3279
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+
+# Imports from RFC 5652
+
+MessageDigest = rfc5652.MessageDigest
+
+IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
+
+
+# Imports from RFC 5280
+
+id_pkix = rfc5280.id_pkix
+
+
+# Imports from RFC 3279
+
+Dss_Sig_Value = rfc3279.Dss_Sig_Value
+
+DomainParameters = rfc3279.DomainParameters
+
+
+# Static DH Proof-of-Possession
+
+class DhSigStatic(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('issuerAndSerial', IssuerAndSerialNumber()),
+ namedtype.NamedType('hashValue', MessageDigest())
+ )
+
+
+# Object Identifiers
+
+id_dh_sig_hmac_sha1 = id_pkix + (6, 3, )
+
+id_dhPop_static_sha1_hmac_sha1 = univ.ObjectIdentifier(id_dh_sig_hmac_sha1)
+
+
+id_alg_dh_pop = id_pkix + (6, 4, )
+
+id_alg_dhPop_sha1 = univ.ObjectIdentifier(id_alg_dh_pop)
+
+id_alg_dhPop_sha224 = id_pkix + (6, 5, )
+
+id_alg_dhPop_sha256 = id_pkix + (6, 6, )
+
+id_alg_dhPop_sha384 = id_pkix + (6, 7, )
+
+id_alg_dhPop_sha512 = id_pkix + (6, 8, )
+
+
+id_alg_dhPop_static_sha224_hmac_sha224 = id_pkix + (6, 15, )
+
+id_alg_dhPop_static_sha256_hmac_sha256 = id_pkix + (6, 16, )
+
+id_alg_dhPop_static_sha384_hmac_sha384 = id_pkix + (6, 17, )
+
+id_alg_dhPop_static_sha512_hmac_sha512 = id_pkix + (6, 18, )
+
+
+id_alg_ecdhPop_static_sha224_hmac_sha224 = id_pkix + (6, 25, )
+
+id_alg_ecdhPop_static_sha256_hmac_sha256 = id_pkix + (6, 26, )
+
+id_alg_ecdhPop_static_sha384_hmac_sha384 = id_pkix + (6, 27, )
+
+id_alg_ecdhPop_static_sha512_hmac_sha512 = id_pkix + (6, 28, )
+
+
+# Update the Algorithm Identifier map in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+ id_alg_dh_pop: DomainParameters(),
+ id_alg_dhPop_sha224: DomainParameters(),
+ id_alg_dhPop_sha256: DomainParameters(),
+ id_alg_dhPop_sha384: DomainParameters(),
+ id_alg_dhPop_sha512: DomainParameters(),
+ id_dh_sig_hmac_sha1: univ.Null(""),
+ id_alg_dhPop_static_sha224_hmac_sha224: univ.Null(""),
+ id_alg_dhPop_static_sha256_hmac_sha256: univ.Null(""),
+ id_alg_dhPop_static_sha384_hmac_sha384: univ.Null(""),
+ id_alg_dhPop_static_sha512_hmac_sha512: univ.Null(""),
+ id_alg_ecdhPop_static_sha224_hmac_sha224: univ.Null(""),
+ id_alg_ecdhPop_static_sha256_hmac_sha256: univ.Null(""),
+ id_alg_ecdhPop_static_sha384_hmac_sha384: univ.Null(""),
+ id_alg_ecdhPop_static_sha512_hmac_sha512: univ.Null(""),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
diff --git a/tests/__main__.py b/tests/__main__.py
index 10bfeee..b9e7070 100644
--- a/tests/__main__.py
+++ b/tests/__main__.py
@@ -58,6 +58,7 @@ suite = unittest.TestLoader().loadTestsFromNames(
 'tests.test_rfc6032.suite',
 'tests.test_rfc6210.suite',
 'tests.test_rfc6211.suite',
+ 'tests.test_rfc6955.suite',
 'tests.test_rfc6960.suite',
 'tests.test_rfc7030.suite',
 'tests.test_rfc7191.suite',
diff --git a/tests/test_rfc6955.py b/tests/test_rfc6955.py
new file mode 100644
index 0000000..eb4d5cf
--- /dev/null
+++ b/tests/test_rfc6955.py
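Review bot: In `pyasn1_modules/rfc6955.py` the two SHA-1 identifiers are each defined under two names (`id_dh_sig_hmac_sha1` / `id_dhPop_static_sha1_hmac_sha1` and `id_alg_dh_pop` / `id_alg_dhPop_sha1`), yet only the first name of each pair appears as a key in `_algorithmIdentifierMapUpdate` and nothing states that they are aliases. Lookups by either name should still succeed because the wrapped value is built from the same OID, but someone auditing which algorithms get open-type decoding has to work that out; a comment above each pair such as `# same OID under its RFC 6955 name` would settle it. The closing `rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)` also runs at import time and replaces any entry already registered for the same OID without notice, so a one-line comment saying that decoding with `decodeOpenTypes=True` depends on this module having been imported would help callers.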
@@ -0,0 +1,99 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+
+import sys
+
+from pyasn1.codec.der.decoder import decode as der_decode
+from pyasn1.codec.der.encoder import encode as der_encode
+
+from pyasn1.type import univ
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5480
+from pyasn1_modules import rfc6402
+from pyasn1_modules import rfc6955
+
+try:
+ import unittest2 as unittest
+
+except ImportError:
+ import unittest
+
+
+class CertificationRequestTestCase(unittest.TestCase):
+ pem_text = """\
+MIIDPDCCArsCAQAwTjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCFhFVEkgSW5jMRAw
+DgYDVQQLEwdUZXN0aW5nMRowGAYDVQQDExFQS0lYIEV4YW1wbGUgVXNlcjCCAkEw
+ggG2BgcqhkjOPgIBMIIBqQKBgQCUhOBFbH9pUWI+VoB8aOfFqZ6edHSU7ZCMHcTh
+ShSC9dKUDBnjuRC7EbnlpfuOIVFjAoaqBrghNrZ/Nt/R1mhbeXwdWhR1H2qTdZPO
+u5dyivAPI51H9tSzx/D05vYrwjLhiWe+fgau+NABa4sq9QLXtqhjlIOwGzF9Uhre
+5QOFJwKBgCamMixaK9QzK1zcBodTP5AGYVA4PtK5fYEcEhDFDFPUZNGOMAcIjN0/
+Ci8s1ht/V4bQ2rtuNioY6NO8cDF6SLZOGG7dHyIG6z/q1EFp2ZveR5V6cpHSCX9J
+XDsDM1HI8Tma/wTVbn6UPQO49jEVJkiVqFzeR4i0aToAp4ae2tHNAiEA6HL6lvAR
+QPXy3P07XXiUsYUB5Wk3IfclubpxSvxgMPsCYQCjkQHAqG6kTaBW/Gz+H6ewzQ+U
+hwwlvpd2jevlpAldq4PNgAs1Z38MjqcxmDKFOUCdEZjY3rh/hpuvjWc9tna0YS8h
+4UsOaP9TPofd2HFWaEfc9yBjSzxfeHGD5nCe4pIwGgMVABzVOg0Xgm0KgXWBRhCO
+PtsJ5Jg0AgE3A4GEAAKBgBNjoYUEjEaoiOv0XqiTdK79rp6WJxJlxEwHBj4Y/pS4
+qHlIvS40tkfKBDCh7DP9GgstnlDJeA+uauy1a2q+slzasp94LLl34nkrJb8uC1lK
+k0v4s+yBNK6XR1LgqCmY7NGwyitveovbTo2lFX5+rzNiCZ4PEUSMwY2iEZ5T77Lo
+oCEwHwYJKoZIhvcNAQkOMRIwEDAOBgNVHQ8BAf8EBAMCAwgwDAYIKwYBBQUHBgMF
+AANtADBqMFIwSDELMAkGA1UEBhMCVVMxETAPBgNVBAoTCFhFVEkgSW5jMRAwDgYD
+VQQLEwdUZXN0aW5nMRQwEgYDVQQDEwtSb290IERTQSBDQQIGANo5tuLLBBQtBXf+
+Xo9l9a+tyVybAsCoiClhYw==
+"""
+
+ def setUp(self):
+ self.asn1Spec = rfc6402.CertificationRequest()
+
+ def testDerCodec(self):
+ substrate = pem.readBase64fromText(self.pem_text)
+ asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
+ assert not rest
+ assert asn1Object.prettyPrint()
+ assert der_encode(asn1Object) == substrate
+
+ spki_a = asn1Object['certificationRequestInfo']['subjectPublicKeyInfo']['algorithm']
+ assert spki_a['algorithm'] == rfc5480.dhpublicnumber
+ assert spki_a['algorithm'] in rfc5280.algorithmIdentifierMap.keys()
+ params, rest = der_decode(spki_a['parameters'], asn1Spec=rfc6955.DomainParameters())
+ assert not rest
+ assert params.prettyPrint()
+ assert der_encode(params) == spki_a['parameters']
+ assert params['validationParms']['pgenCounter'] == 55
+
+ sig_a = asn1Object['signatureAlgorithm']
+ assert sig_a['algorithm'] == rfc6955.id_dhPop_static_sha1_hmac_sha1
+ assert sig_a['algorithm'] in rfc5280.algorithmIdentifierMap.keys()
+ assert sig_a['parameters'] == der_encode(univ.Null(""))
+
+ def testOpenTypes(self):
+ substrate = pem.readBase64fromText(self.pem_text)
+ asn1Object, rest = der_decode(substrate,
+ asn1Spec=self.asn1Spec,
+ decodeOpenTypes=True)
+ assert not rest
+ assert asn1Object.prettyPrint()
+ assert der_encode(asn1Object) == substrate
+
+ spki_a = asn1Object['certificationRequestInfo']['subjectPublicKeyInfo']['algorithm']
+ assert spki_a['algorithm'] == rfc5480.dhpublicnumber
+ assert spki_a['parameters']['validationParms']['pgenCounter'] == 55
+
+ sig_a = asn1Object['signatureAlgorithm']
+ assert sig_a['algorithm'] == rfc6955.id_dhPop_static_sha1_hmac_sha1
+ assert sig_a['parameters'] == univ.Null("")
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+ import sys
+
+ result = unittest.TextTestRunner(verbosity=2).run(suite)
+ sys.exit(not result.wasSuccessful()) |
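Review bot: Neither `testDerCodec` nor `testOpenTypes` decodes the request's signature value against `rfc6955.DhSigStatic()`, so the one new type this commit defines is never exercised; the tests only cover the algorithm identifiers and their parameters. With `id_dhPop_static_sha1_hmac_sha1` as the signature algorithm the signature bits are expected to carry a DhSigStatic, so `testDerCodec` could add (assuming the field is named `signature`) `sig, rest = der_decode(asn1Object['signature'].asOctets(), asn1Spec=rfc6955.DhSigStatic())`, then `assert not rest` and `assert der_encode(sig) == asn1Object['signature'].asOctets()`. The checks throughout are bare `assert` statements, which are stripped under `python -O`; `self.assertEqual(...)` and `self.assertFalse(rest)` would stay active and report the differing values on failure.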