From 916d61bdffb1f0df435c8f3bffab4150d03de12b Mon Sep 17 00:00:00 2001 From: William Grant Date: Thu, 17 Mar 2011 22:39:45 +1100 Subject: [PATCH 1/5] Add EMSA-PKCS1-v1_5-ENCODE tests. One fails because we don't require at least 8 bytes of padding. --- dkim/tests/__init__.py | 2 ++ dkim/tests/test_crypto.py | 60 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 dkim/tests/test_crypto.py diff --git a/dkim/tests/__init__.py b/dkim/tests/__init__.py index 7fb38ab..4c258fc 100644 --- a/dkim/tests/__init__.py +++ b/dkim/tests/__init__.py @@ -21,10 +21,12 @@ import unittest def test_suite(): from dkim.tests import ( + test_crypto, test_dkim, test_util, ) modules = [ + test_crypto, test_dkim, test_util, ] diff --git a/dkim/tests/test_crypto.py b/dkim/tests/test_crypto.py new file mode 100644 index 0000000..f882e92 --- /dev/null +++ b/dkim/tests/test_crypto.py @@ -0,0 +1,60 @@ +# This software is provided 'as-is', without any express or implied +# warranty. In no event will the author be held liable for any damages +# arising from the use of this software. +# +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute it +# freely, subject to the following restrictions: +# +# 1. The origin of this software must not be misrepresented; you must not +# claim that you wrote the original software. If you use this software +# in a product, an acknowledgment in the product documentation would be +# appreciated but is not required. +# 2. Altered source versions must be plainly marked as such, and must not be +# misrepresented as being the original software. +# 3. This notice may not be removed or altered from any source distribution. +# +# Copyright (c) 2011 William Grant + +import unittest + +from dkim import ( + HASHID_SHA1, + HASHID_SHA256, + ) +from dkim.crypto import ( + DigestTooLargeError, + EMSA_PKCS1_v1_5_encode, + ) + + +class TestEMSA_PKCS1_v1_5(unittest.TestCase): + + def test_encode_sha256(self): + digest = '0123456789abcdef0123456789abcdef' + self.assertEquals( + '\x00\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00' + '010\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04 ' + + digest, + EMSA_PKCS1_v1_5_encode(digest, 62, HASHID_SHA256)) + + def test_encode_sha1(self): + digest = '0123456789abcdef0123' + self.assertEquals( + '\x00\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00' + '0!0\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14' + + digest, + EMSA_PKCS1_v1_5_encode(digest, 46, HASHID_SHA1)) + + def test_encode_forbids_too_short(self): + # PKCS#1 requires at least 8 bytes of padding, so there must be + # at least that much space. + digest = '0123456789abcdef0123' + self.assertRaises( + DigestTooLargeError, + EMSA_PKCS1_v1_5_encode, digest, 45, HASHID_SHA1) + + +def test_suite(): + from unittest import TestLoader + return TestLoader().loadTestsFromName(__name__) From bcbf8feacfed3b905ef024e59a5da114c0234bc9 Mon Sep 17 00:00:00 2001 From: William Grant Date: Thu, 17 Mar 2011 22:47:50 +1100 Subject: [PATCH 2/5] Add int2str/str2int tests. --- dkim/tests/test_crypto.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/dkim/tests/test_crypto.py b/dkim/tests/test_crypto.py index f882e92..9dbcb40 100644 --- a/dkim/tests/test_crypto.py +++ b/dkim/tests/test_crypto.py @@ -25,9 +25,26 @@ from dkim import ( from dkim.crypto import ( DigestTooLargeError, EMSA_PKCS1_v1_5_encode, + int2str, + str2int, ) +class TestStrIntConversion(unittest.TestCase): + + def test_str2int(self): + self.assertEquals(1234, str2int('\x04\xd2')) + + def test_int2str(self): + self.assertEquals('\x04\xd2', int2str(1234)) + + def test_int2str_with_length(self): + self.assertEquals('\x00\x00\x04\xd2', int2str(1234, 4)) + + def test_int2str_fails_on_negative(self): + self.assertRaises(AssertionError, int2str, -1) + + class TestEMSA_PKCS1_v1_5(unittest.TestCase): def test_encode_sha256(self): From d79c856ef04ac581a3d15b57e8d5d78bf4218cc8 Mon Sep 17 00:00:00 2001 From: William Grant Date: Sat, 19 Mar 2011 15:03:53 +1100 Subject: [PATCH 3/5] RSA tests. --- dkim/tests/test_crypto.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/dkim/tests/test_crypto.py b/dkim/tests/test_crypto.py index 9dbcb40..12eff95 100644 --- a/dkim/tests/test_crypto.py +++ b/dkim/tests/test_crypto.py @@ -26,6 +26,7 @@ from dkim.crypto import ( DigestTooLargeError, EMSA_PKCS1_v1_5_encode, int2str, + perform_rsa, str2int, ) @@ -72,6 +73,27 @@ class TestEMSA_PKCS1_v1_5(unittest.TestCase): EMSA_PKCS1_v1_5_encode, digest, 45, HASHID_SHA1) +class TestRSA(unittest.TestCase): + + message = '\x00\x04\xfb' + modulus = 186101 + modlen = 3 + public_exponent = 907 + private_exponent = 2851 + + def test_perform(self): + signed = perform_rsa( + self.message, self.private_exponent, self.modulus, self.modlen) + self.assertEquals('\x01\xf1\x40', signed) + + def test_sign_and_verify(self): + signed = perform_rsa( + self.message, self.private_exponent, self.modulus, self.modlen) + unsigned = perform_rsa( + signed, self.public_exponent, self.modulus, self.modlen) + self.assertEquals(self.message, unsigned) + + def test_suite(): from unittest import TestLoader return TestLoader().loadTestsFromName(__name__) From 2ee087da016470cba8ccd488065e6e68b3c33421 Mon Sep 17 00:00:00 2001 From: William Grant Date: Sat, 19 Mar 2011 16:23:48 +1100 Subject: [PATCH 4/5] Extract parse_pem_private_key, and test it and parse_public_key. --- dkim/__init__.py | 13 ++----------- dkim/crypto.py | 19 +++++++++++++++++++ dkim/tests/test_crypto.py | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 11 deletions(-) diff --git a/dkim/__init__.py b/dkim/__init__.py index 9a42462..72b762a 100644 --- a/dkim/__init__.py +++ b/dkim/__init__.py @@ -28,7 +28,7 @@ import dns.resolver from dkim.crypto import ( DigestTooLargeError, - parse_private_key, + parse_pem_private_key, parse_public_key, RSASSA_PKCS1_v1_5_sign, RSASSA_PKCS1_v1_5_verify, @@ -268,17 +268,8 @@ def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple (headers, body) = rfc822_parse(message) - m = re.search("--\n(.*?)\n--", privkey, re.DOTALL) - if m is None: - raise KeyFormatError("Private key not found") try: - pkdata = base64.b64decode(m.group(1)) - except TypeError, e: - raise KeyFormatError(str(e)) - if debuglog is not None: - print >>debuglog, " ".join("%02x" % ord(x) for x in pkdata) - try: - pk = parse_private_key(pkdata) + pk = parse_pem_private_key(privkey) except UnparsableKeyError, e: raise KeyFormatError(str(e)) diff --git a/dkim/crypto.py b/dkim/crypto.py index b7011d3..9ed6116 100644 --- a/dkim/crypto.py +++ b/dkim/crypto.py @@ -28,6 +28,9 @@ __all__ = [ 'UnparsableKeyError', ] +import base64 +import re + from dkim.asn1 import ( ASN1FormatError, asn1_build, @@ -127,6 +130,22 @@ def parse_private_key(data): return pk +def parse_pem_private_key(data): + """Parse a PEM private key. + + @param data: RFC3447 RSAPrivateKey in PEM format. + @return: RSA private key + """ + m = re.search("--\n(.*?)\n--", data, re.DOTALL) + if m is None: + raise UnparsableKeyError("Private key not found") + try: + pkdata = base64.b64decode(m.group(1)) + except TypeError, e: + raise UnparsableKeyError(str(e)) + return parse_private_key(pkdata) + + def EMSA_PKCS1_v1_5_encode(digest, mlen, hashid): """Encode a digest with RFC3447 EMSA-PKCS1-v1_5. diff --git a/dkim/tests/test_crypto.py b/dkim/tests/test_crypto.py index 12eff95..f033c4b 100644 --- a/dkim/tests/test_crypto.py +++ b/dkim/tests/test_crypto.py @@ -16,6 +16,7 @@ # # Copyright (c) 2011 William Grant +import base64 import unittest from dkim import ( @@ -26,9 +27,28 @@ from dkim.crypto import ( DigestTooLargeError, EMSA_PKCS1_v1_5_encode, int2str, + parse_pem_private_key, + parse_public_key, perform_rsa, str2int, ) +from dkim.tests.test_dkim import read_test_data +from dkim.util import parse_tag_value + + +TEST_KEY_MODULUS = int( + '160190232090260054474895273563294777865179886824815261110923286158270437' + '657769966074370477716411064825849317279563494735400250019233722215662302' + '997403060159149904218292658425241195497467863155064737257198115261596066' + '733086923624062366294295557722551666415445482671442053150678674937682352' + '837105556539434741981') +TEST_KEY_PUBLIC_EXPONENT = 65537 +TEST_KEY_PRIVATE_EXPONENT = int( + '219642251791061057038224045690185219631125389170665415924249912174530136' + '074693824121380763959239792563755125360354847443780863736947713174228520' + '489900956461640273471526152019568303807247290486052565153701534491987040' + '131529720476525111651818771481293273124837542067061293644354088836358900' + '29771161475005043329') class TestStrIntConversion(unittest.TestCase): @@ -46,6 +66,21 @@ class TestStrIntConversion(unittest.TestCase): self.assertRaises(AssertionError, int2str, -1) +class TestParseKeys(unittest.TestCase): + + def test_parse_pem_private_key(self): + key = parse_pem_private_key(read_test_data('test.private')) + self.assertEquals(key['modulus'], TEST_KEY_MODULUS) + self.assertEquals(key['publicExponent'], TEST_KEY_PUBLIC_EXPONENT) + self.assertEquals(key['privateExponent'], TEST_KEY_PRIVATE_EXPONENT) + + def test_parse_public_key(self): + data = read_test_data('test.txt') + key = parse_public_key(base64.b64decode(parse_tag_value(data)['p'])) + self.assertEquals(key['modulus'], TEST_KEY_MODULUS) + self.assertEquals(key['publicExponent'], TEST_KEY_PUBLIC_EXPONENT) + + class TestEMSA_PKCS1_v1_5(unittest.TestCase): def test_encode_sha256(self): From 152458defeb71d279b6266ea02a4f4fd7d10a392 Mon Sep 17 00:00:00 2001 From: William Grant Date: Sat, 19 Mar 2011 16:39:57 +1100 Subject: [PATCH 5/5] Test RSASSA. --- dkim/tests/test_crypto.py | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/dkim/tests/test_crypto.py b/dkim/tests/test_crypto.py index f033c4b..9a6a89a 100644 --- a/dkim/tests/test_crypto.py +++ b/dkim/tests/test_crypto.py @@ -30,6 +30,8 @@ from dkim.crypto import ( parse_pem_private_key, parse_public_key, perform_rsa, + RSASSA_PKCS1_v1_5_sign, + RSASSA_PKCS1_v1_5_verify, str2int, ) from dkim.tests.test_dkim import read_test_data @@ -110,7 +112,7 @@ class TestEMSA_PKCS1_v1_5(unittest.TestCase): class TestRSA(unittest.TestCase): - message = '\x00\x04\xfb' + message = '0004fb'.decode('hex') modulus = 186101 modlen = 3 public_exponent = 907 @@ -119,7 +121,7 @@ class TestRSA(unittest.TestCase): def test_perform(self): signed = perform_rsa( self.message, self.private_exponent, self.modulus, self.modlen) - self.assertEquals('\x01\xf1\x40', signed) + self.assertEquals('01f140'.decode('hex'), signed) def test_sign_and_verify(self): signed = perform_rsa( @@ -129,6 +131,37 @@ class TestRSA(unittest.TestCase): self.assertEquals(self.message, unsigned) +class TestRSASSA(unittest.TestCase): + + def setUp(self): + self.key = parse_pem_private_key(read_test_data('test.private')) + + test_digest = '0123456789abcdef0123' + test_signature = ( + '3702809f62db933a5c3d18c2c76a3470658d2e79868fac98eaaca7e87d0cdc7' + 'fd091182673ed57c66531835d814ff367ffa3d764e74ca8ab301982d13eabb5' + 'dbe90e5c46ea223c5d3ee835aa74aaffe06e8018affeb78b5178818cb33656c' + 'ed462905bc0dc608e354f6ed3d4ec160ce9326ed227ccb0c1e5ba22098e10e6' + 'c083').decode('hex') + + def test_sign_and_verify(self): + signature = RSASSA_PKCS1_v1_5_sign( + self.test_digest, HASHID_SHA1, TEST_KEY_PRIVATE_EXPONENT, + TEST_KEY_MODULUS) + self.assertEquals( + self.test_signature, signature) + self.assertTrue( + RSASSA_PKCS1_v1_5_verify( + self.test_digest, HASHID_SHA1, signature, + TEST_KEY_PUBLIC_EXPONENT, TEST_KEY_MODULUS)) + + def test_invalid_signature(self): + self.assertFalse( + RSASSA_PKCS1_v1_5_verify( + self.test_digest, HASHID_SHA1, self.test_signature, + TEST_KEY_PUBLIC_EXPONENT, TEST_KEY_MODULUS + 1)) + + def test_suite(): from unittest import TestLoader return TestLoader().loadTestsFromName(__name__)