aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRuss Housley <housley@vigilsec.com>2019-10-20 02:00:29 -0400
committerIlya Etingof <etingof@gmail.com>2019-10-20 08:00:29 +0200
commitda35e37e01f12711f00e41a46f2cbe79311285e7 (patch)
tree8ee52ac3c6e7ebfc1c7c659cf4ec9300a6adbfef
parentaee190c5031fba3d6742b2a46091401ca5d1f544 (diff)
downloadplatform_external_python_pyasn1-modules-da35e37e01f12711f00e41a46f2cbe79311285e7.tar.gz
platform_external_python_pyasn1-modules-da35e37e01f12711f00e41a46f2cbe79311285e7.tar.bz2
platform_external_python_pyasn1-modules-da35e37e01f12711f00e41a46f2cbe79311285e7.zip
Add support for RFC 6955 (#88)
Diffstat
-rw-r--r--CHANGES.txt1
-rw-r--r--pyasn1_modules/rfc6955.py108
-rw-r--r--tests/__main__.py1
-rw-r--r--tests/test_rfc6955.py99
4 files changed, 209 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 6b60f37..f4f03f7 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -8,6 +8,7 @@ Revision 0.2.8, released XX-XX-2019
- Added RFC7229 providing OIDs for Test Certificate Policies
- Added tests for RFC3280, RFC3281, RFC3852, and RFC4211
- Added RFC6960 providing Online Certificate Status Protocol (OCSP)
+- Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms
Revision 0.2.7, released 09-10-2019
-----------------------------------
diff --git a/pyasn1_modules/rfc6955.py b/pyasn1_modules/rfc6955.py
new file mode 100644
index 0000000..09f2d65
--- /dev/null
+++ b/pyasn1_modules/rfc6955.py
@@ -0,0 +1,108 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Diffie-Hellman Proof-of-Possession Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6955.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc3279
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+
+# Imports from RFC 5652
+
+MessageDigest = rfc5652.MessageDigest
+
+IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
+
+
+# Imports from RFC 5280
+
+id_pkix = rfc5280.id_pkix
+
+
+# Imports from RFC 3279
+
+Dss_Sig_Value = rfc3279.Dss_Sig_Value
+
+DomainParameters = rfc3279.DomainParameters
+
+
+# Static DH Proof-of-Possession
+
+class DhSigStatic(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('issuerAndSerial', IssuerAndSerialNumber()),
+ namedtype.NamedType('hashValue', MessageDigest())
+ )
+
+
+# Object Identifiers
+
+id_dh_sig_hmac_sha1 = id_pkix + (6, 3, )
+
+id_dhPop_static_sha1_hmac_sha1 = univ.ObjectIdentifier(id_dh_sig_hmac_sha1)
+
+
+id_alg_dh_pop = id_pkix + (6, 4, )
+
+id_alg_dhPop_sha1 = univ.ObjectIdentifier(id_alg_dh_pop)
+
+id_alg_dhPop_sha224 = id_pkix + (6, 5, )
+
+id_alg_dhPop_sha256 = id_pkix + (6, 6, )
+
+id_alg_dhPop_sha384 = id_pkix + (6, 7, )
+
+id_alg_dhPop_sha512 = id_pkix + (6, 8, )
+
+
+id_alg_dhPop_static_sha224_hmac_sha224 = id_pkix + (6, 15, )
+
+id_alg_dhPop_static_sha256_hmac_sha256 = id_pkix + (6, 16, )
+
+id_alg_dhPop_static_sha384_hmac_sha384 = id_pkix + (6, 17, )
+
+id_alg_dhPop_static_sha512_hmac_sha512 = id_pkix + (6, 18, )
+
+
+id_alg_ecdhPop_static_sha224_hmac_sha224 = id_pkix + (6, 25, )
+
+id_alg_ecdhPop_static_sha256_hmac_sha256 = id_pkix + (6, 26, )
+
+id_alg_ecdhPop_static_sha384_hmac_sha384 = id_pkix + (6, 27, )
+
+id_alg_ecdhPop_static_sha512_hmac_sha512 = id_pkix + (6, 28, )
+
+
+# Update the Algorithm Identifier map in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+ id_alg_dh_pop: DomainParameters(),
+ id_alg_dhPop_sha224: DomainParameters(),
+ id_alg_dhPop_sha256: DomainParameters(),
+ id_alg_dhPop_sha384: DomainParameters(),
+ id_alg_dhPop_sha512: DomainParameters(),
+ id_dh_sig_hmac_sha1: univ.Null(""),
+ id_alg_dhPop_static_sha224_hmac_sha224: univ.Null(""),
+ id_alg_dhPop_static_sha256_hmac_sha256: univ.Null(""),
+ id_alg_dhPop_static_sha384_hmac_sha384: univ.Null(""),
+ id_alg_dhPop_static_sha512_hmac_sha512: univ.Null(""),
+ id_alg_ecdhPop_static_sha224_hmac_sha224: univ.Null(""),
+ id_alg_ecdhPop_static_sha256_hmac_sha256: univ.Null(""),
+ id_alg_ecdhPop_static_sha384_hmac_sha384: univ.Null(""),
+ id_alg_ecdhPop_static_sha512_hmac_sha512: univ.Null(""),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
diff --git a/tests/__main__.py b/tests/__main__.py
index 10bfeee..b9e7070 100644
--- a/tests/__main__.py
+++ b/tests/__main__.py
@@ -58,6 +58,7 @@ suite = unittest.TestLoader().loadTestsFromNames(
'tests.test_rfc6032.suite',
'tests.test_rfc6210.suite',
'tests.test_rfc6211.suite',
+ 'tests.test_rfc6955.suite',
'tests.test_rfc6960.suite',
'tests.test_rfc7030.suite',
'tests.test_rfc7191.suite',
diff --git a/tests/test_rfc6955.py b/tests/test_rfc6955.py
new file mode 100644
index 0000000..eb4d5cf
--- /dev/null
+++ b/tests/test_rfc6955.py
@@ -0,0 +1,99 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+
+import sys
+
+from pyasn1.codec.der.decoder import decode as der_decode
+from pyasn1.codec.der.encoder import encode as der_encode
+
+from pyasn1.type import univ
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5480
+from pyasn1_modules import rfc6402
+from pyasn1_modules import rfc6955
+
+try:
+ import unittest2 as unittest
+
+except ImportError:
+ import unittest
+
+
+class CertificationRequestTestCase(unittest.TestCase):
+ pem_text = """\
+MIIDPDCCArsCAQAwTjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCFhFVEkgSW5jMRAw
+DgYDVQQLEwdUZXN0aW5nMRowGAYDVQQDExFQS0lYIEV4YW1wbGUgVXNlcjCCAkEw
+ggG2BgcqhkjOPgIBMIIBqQKBgQCUhOBFbH9pUWI+VoB8aOfFqZ6edHSU7ZCMHcTh
+ShSC9dKUDBnjuRC7EbnlpfuOIVFjAoaqBrghNrZ/Nt/R1mhbeXwdWhR1H2qTdZPO
+u5dyivAPI51H9tSzx/D05vYrwjLhiWe+fgau+NABa4sq9QLXtqhjlIOwGzF9Uhre
+5QOFJwKBgCamMixaK9QzK1zcBodTP5AGYVA4PtK5fYEcEhDFDFPUZNGOMAcIjN0/
+Ci8s1ht/V4bQ2rtuNioY6NO8cDF6SLZOGG7dHyIG6z/q1EFp2ZveR5V6cpHSCX9J
+XDsDM1HI8Tma/wTVbn6UPQO49jEVJkiVqFzeR4i0aToAp4ae2tHNAiEA6HL6lvAR
+QPXy3P07XXiUsYUB5Wk3IfclubpxSvxgMPsCYQCjkQHAqG6kTaBW/Gz+H6ewzQ+U
+hwwlvpd2jevlpAldq4PNgAs1Z38MjqcxmDKFOUCdEZjY3rh/hpuvjWc9tna0YS8h
+4UsOaP9TPofd2HFWaEfc9yBjSzxfeHGD5nCe4pIwGgMVABzVOg0Xgm0KgXWBRhCO
+PtsJ5Jg0AgE3A4GEAAKBgBNjoYUEjEaoiOv0XqiTdK79rp6WJxJlxEwHBj4Y/pS4
+qHlIvS40tkfKBDCh7DP9GgstnlDJeA+uauy1a2q+slzasp94LLl34nkrJb8uC1lK
+k0v4s+yBNK6XR1LgqCmY7NGwyitveovbTo2lFX5+rzNiCZ4PEUSMwY2iEZ5T77Lo
+oCEwHwYJKoZIhvcNAQkOMRIwEDAOBgNVHQ8BAf8EBAMCAwgwDAYIKwYBBQUHBgMF
+AANtADBqMFIwSDELMAkGA1UEBhMCVVMxETAPBgNVBAoTCFhFVEkgSW5jMRAwDgYD
+VQQLEwdUZXN0aW5nMRQwEgYDVQQDEwtSb290IERTQSBDQQIGANo5tuLLBBQtBXf+
+Xo9l9a+tyVybAsCoiClhYw==
+"""
+
+ def setUp(self):
+ self.asn1Spec = rfc6402.CertificationRequest()
+
+ def testDerCodec(self):
+ substrate = pem.readBase64fromText(self.pem_text)
+ asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec)
+ assert not rest
+ assert asn1Object.prettyPrint()
+ assert der_encode(asn1Object) == substrate
+
+ spki_a = asn1Object['certificationRequestInfo']['subjectPublicKeyInfo']['algorithm']
+ assert spki_a['algorithm'] == rfc5480.dhpublicnumber
+ assert spki_a['algorithm'] in rfc5280.algorithmIdentifierMap.keys()
+ params, rest = der_decode(spki_a['parameters'], asn1Spec=rfc6955.DomainParameters())
+ assert not rest
+ assert params.prettyPrint()
+ assert der_encode(params) == spki_a['parameters']
+ assert params['validationParms']['pgenCounter'] == 55
+
+ sig_a = asn1Object['signatureAlgorithm']
+ assert sig_a['algorithm'] == rfc6955.id_dhPop_static_sha1_hmac_sha1
+ assert sig_a['algorithm'] in rfc5280.algorithmIdentifierMap.keys()
+ assert sig_a['parameters'] == der_encode(univ.Null(""))
+
+ def testOpenTypes(self):
+ substrate = pem.readBase64fromText(self.pem_text)
+ asn1Object, rest = der_decode(substrate,
+ asn1Spec=self.asn1Spec,
+ decodeOpenTypes=True)
+ assert not rest
+ assert asn1Object.prettyPrint()
+ assert der_encode(asn1Object) == substrate
+
+ spki_a = asn1Object['certificationRequestInfo']['subjectPublicKeyInfo']['algorithm']
+ assert spki_a['algorithm'] == rfc5480.dhpublicnumber
+ assert spki_a['parameters']['validationParms']['pgenCounter'] == 55
+
+ sig_a = asn1Object['signatureAlgorithm']
+ assert sig_a['algorithm'] == rfc6955.id_dhPop_static_sha1_hmac_sha1
+ assert sig_a['parameters'] == univ.Null("")
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+ import sys
+
+ result = unittest.TextTestRunner(verbosity=2).run(suite)
+ sys.exit(not result.wasSuccessful())
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 03:51:00 +0000