Add TR2012 test vectors (#154)

Author: kislyuk

signxml/__init__.py

@@ -10,6 +10,7 @@
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa, utils
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
 from cryptography.hazmat.primitives.hashes import Hash, SHA1, SHA224, SHA256, SHA384, SHA512
+from cryptography.hazmat.primitives.serialization import load_der_public_key
 from cryptography.hazmat.backends import default_backend
 
 from .exceptions import InvalidSignature, InvalidDigest, InvalidInput, InvalidCertificate  # noqa
@@ -541,16 +542,22 @@ def _get_signature(self, root):
         else:
             return self._find(root, "Signature", anywhere=True)
 
-    def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_value, signature_alg):
+    def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_value, der_encoded_key_value,
+                                      signature_alg):
+        if der_encoded_key_value is not None:
+            key = load_der_public_key(b64decode(der_encoded_key_value.text), backend=default_backend())
         if "ecdsa-" in signature_alg:
-            ec_key_value = self._find(key_value, "ECKeyValue", namespace="dsig11")
-            named_curve = self._find(ec_key_value, "NamedCurve", namespace="dsig11")
-            public_key = self._find(ec_key_value, "PublicKey", namespace="dsig11")
-            key_data = b64decode(public_key.text)[1:]
-            x = bytes_to_long(key_data[:len(key_data)//2])
-            y = bytes_to_long(key_data[len(key_data)//2:])
-            curve_class = self.known_ecdsa_curves[named_curve.get("URI")]
-            key = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curve_class()).public_key(backend=default_backend())
+            if key_value:
+                ec_key_value = self._find(key_value, "ECKeyValue", namespace="dsig11")
+                named_curve = self._find(ec_key_value, "NamedCurve", namespace="dsig11")
+                public_key = self._find(ec_key_value, "PublicKey", namespace="dsig11")
+                key_data = b64decode(public_key.text)[1:]
+                x = bytes_to_long(key_data[:len(key_data)//2])
+                y = bytes_to_long(key_data[len(key_data)//2:])
+                curve_class = self.known_ecdsa_curves[named_curve.get("URI")]
+                key = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curve_class()).public_key(backend=default_backend())
+            elif not isinstance(key, ec.EllipticCurvePublicKey):
+                raise InvalidInput("DER encoded key value does not match specified signature algorithm")
             dss_signature = self._encode_dss_signature(raw_signature, key.key_size)
             key.verify(
                 dss_signature,
@@ -560,23 +567,29 @@ def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_val
                 ),
             )
         elif "dsa-" in signature_alg:
-            dsa_key_value = self._find(key_value, "DSAKeyValue")
-            p = self._get_long(dsa_key_value, "P")
-            q = self._get_long(dsa_key_value, "Q")
-            g = self._get_long(dsa_key_value, "G", require=False)
-            y = self._get_long(dsa_key_value, "Y")
-            pn = dsa.DSAPublicNumbers(y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g))
-            key = pn.public_key(backend=default_backend())
+            if key_value:
+                dsa_key_value = self._find(key_value, "DSAKeyValue")
+                p = self._get_long(dsa_key_value, "P")
+                q = self._get_long(dsa_key_value, "Q")
+                g = self._get_long(dsa_key_value, "G", require=False)
+                y = self._get_long(dsa_key_value, "Y")
+                pn = dsa.DSAPublicNumbers(y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g))
+                key = pn.public_key(backend=default_backend())
+            elif not isinstance(key, dsa.DSAPublicKey):
+                raise InvalidInput("DER encoded key value does not match specified signature algorithm")
             # TODO: supply meaningful key_size_bits for signature length assertion
             dss_signature = self._encode_dss_signature(raw_signature, len(raw_signature) * 8 / 2)
             key.verify(dss_signature,
                        data=signed_info_c14n,
                        algorithm=self._get_signature_digest_method(signature_alg))
         elif "rsa-" in signature_alg:
-            rsa_key_value = self._find(key_value, "RSAKeyValue")
-            modulus = self._get_long(rsa_key_value, "Modulus")
-            exponent = self._get_long(rsa_key_value, "Exponent")
-            key = rsa.RSAPublicNumbers(e=exponent, n=modulus).public_key(backend=default_backend())
+            if key_value:
+                rsa_key_value = self._find(key_value, "RSAKeyValue")
+                modulus = self._get_long(rsa_key_value, "Modulus")
+                exponent = self._get_long(rsa_key_value, "Exponent")
+                key = rsa.RSAPublicNumbers(e=exponent, n=modulus).public_key(backend=default_backend())
+            elif not isinstance(key, rsa.RSAPublicKey):
+                raise InvalidInput("DER encoded key value does not match specified signature algorithm")
             key.verify(raw_signature,
                        data=signed_info_c14n,
                        padding=PKCS1v15(),
@@ -746,6 +759,7 @@ def verify(self, data, require_x509=True, x509_cert=None, cert_subject_name=None
         raw_signature = b64decode(signature_value.text)
         x509_data = signature.find("ds:KeyInfo/ds:X509Data", namespaces=namespaces)
         key_value = signature.find("ds:KeyInfo/ds:KeyValue", namespaces=namespaces)
+        der_encoded_key_value = signature.find("ds:KeyInfo/dsig11:DEREncodedKeyValue", namespaces=namespaces)
         signed_info_c14n = self._c14n(signed_info,
                                       algorithm=c14n_algorithm,
                                       inclusive_ns_prefixes=inclusive_ns_prefixes)
@@ -787,7 +801,7 @@ def verify(self, data, require_x509=True, x509_cert=None, cert_subject_name=None
                 raise InvalidSignature("Signature verification failed: {}".format(reason))
 
             if ignore_ambiguous_key_info is False:
-                if key_value is not None:
+                if key_value is not None or der_encoded_key_value is not None:
                     raise InvalidInput("Both X509Data and KeyValue found. Use verify(ignore_ambiguous_key_info=True) "
                                        "to ignore KeyValue and validate using X509Data only.")
 
@@ -806,10 +820,14 @@ def verify(self, data, require_x509=True, x509_cert=None, cert_subject_name=None
             if raw_signature != signer.finalize():
                 raise InvalidSignature("Signature mismatch (HMAC)")
         else:
-            if key_value is None:
+            if key_value is None and der_encoded_key_value is None:
                 raise InvalidInput("Expected to find either KeyValue or X509Data XML element in KeyInfo")
 
-            self._verify_signature_with_pubkey(signed_info_c14n, raw_signature, key_value, signature_alg)
+            self._verify_signature_with_pubkey(signed_info_c14n=signed_info_c14n,
+                                               raw_signature=raw_signature,
+                                               key_value=key_value,
+                                               der_encoded_key_value=der_encoded_key_value,
+                                               signature_alg=signature_alg)
 
         verify_results = []
         for reference in self._findall(signed_info, "Reference"):

test/interop/TR2012/signature-enveloping-derencoded-ec.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/><dsig:Reference URI="#DSig.Object_zv1ejyt3CTdWWFZEI3SgsQ22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>Rw1PkDehlYLIVVATQVi2Z41XEBCUNaV7z63AteOr6P0=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>56WG05ONca26cxpmLaRc+6RHfk1wTimQ4rguHq+ogAk08DvCB+bs3WLgdMJQDWOxMOjVMuxuF+Bue7X382iB9Q==</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig11:DEREncodedKeyValue xmlns:dsig11="http://www.w3.org/2009/xmldsig11#">MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEn/Jpc2WrgVE5vIkIGFvmMDPwZXOKcrdsEYuNIN+NsnA1/J22COeVLgSwObFJGFbIlaroYirLnC+dqIBErTi4Hg==</dsig11:DEREncodedKeyValue></dsig:KeyInfo><dsig:Object Id="DSig.Object_zv1ejyt3CTdWWFZEI3SgsQ22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-derencoded-rsa.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><dsig:Reference URI="#DSig.Object_ot2pLlQIKFpOeOFz7tIxAA22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>YTJxH5xCH5ovK2sO5iPP/zdBlWY5X52sNQu7ZudAeBI=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>QZ1oI7glq+95SaTZWnjSN7iXymskw1tOguy3Pe+GcpZkFrTLyqpOSj0fF0iXAGQASaOCq8Py9JfKTayDQ3fNR8v83XbDOQfdPH/vHsxvMm02hyUNDTCPXQ4+TE3CP4909BVtRwMpUopHuKuQ6wS8gWs4pwSrNMxZe+8JF6BpQw0=</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig11:DEREncodedKeyValue xmlns:dsig11="http://www.w3.org/2009/xmldsig11#">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAhvqcAH2hL8AjmMiPpbKa9CFHGIyUTTsbhpuYyWJiLnNbO9oUTa2dT5FkgGC2hdyAMQhT++wtC63ufMKf2YfELwkRpXgPhT3WPrgDJlqRKGonDuqMl+pTHE8vTIm/agWKi48OMa4n0k+LQ2uxmr7J9Z8znizhv1I2Rw4hUzJtlQIDAQAB</dsig11:DEREncodedKeyValue></dsig:KeyInfo><dsig:Object Id="DSig.Object_ot2pLlQIKFpOeOFz7tIxAA22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-hmac-sha1-truncated160.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"><dsig:HMACOutputLength>160</dsig:HMACOutputLength></dsig:SignatureMethod><dsig:Reference URI="#DSig.Object_1yVYtKFlTlcmDIr0WP37Bw22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>aUBtTm4lFowBT53wyCbjBWdD0gk=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>ou9QVz7ptxtmyN4Q5Hutrn6C+n4=</dsig:SignatureValue><dsig:Object Id="DSig.Object_1yVYtKFlTlcmDIr0WP37Bw22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-hmac-sha224.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"/><dsig:Reference URI="#DSig.Object_UwWZILpbo3KStDoKohcN1g22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>1tAcTU0Q/Zeyko68KfIOv/xtE8g=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>mGVr02mcDQyHHnRM2ete6TKvrmFzPbbVT2toIA==</dsig:SignatureValue><dsig:Object Id="DSig.Object_UwWZILpbo3KStDoKohcN1g22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-hmac-sha256.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><dsig:Reference URI="#DSig.Object_I08V3cMJvHneFuSSVRb87A22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>myrT5qEfA7Wemy2WONCZG66c5QE=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>s8ntBS/35iYGZYg16NrU4vwxdUufDXw/YVN5E9AIUK0=</dsig:SignatureValue><dsig:Object Id="DSig.Object_I08V3cMJvHneFuSSVRb87A22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-hmac-sha384.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"/><dsig:Reference URI="#DSig.Object_0q8wjo0qP2ooumJzyGQWzQ22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>PsNGbqz06zzJcfkBaplANvpyhXI=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>jYHiMcpr59PrjV8rmngQcxydeV13LMXmt8iMtmbpQUTM+wXO1aHKyfnsH/XTWXW6</dsig:SignatureValue><dsig:Object Id="DSig.Object_0q8wjo0qP2ooumJzyGQWzQ22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-hmac-sha512.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"/><dsig:Reference URI="#DSig.Object_pxpuGtZf0WCLD4AgOJbjHw22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>fwm9s3Hq9+dRyOf9an94FjEw4Fc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>wFoZP3D/9HTS1N5VR/L6Xh2ID47zlJ9oRsa4NnGsHxoCefpSBX9B7pggw13NjpqTgkvd1oUQA2JC6BLNrlCvtQ==</dsig:SignatureValue><dsig:Object Id="DSig.Object_pxpuGtZf0WCLD4AgOJbjHw22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-keyinforeference-rsa.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><dsig:Reference URI="#DSig.Object_W1u9Me3FAhWb4c7uH1IEmA22" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>pIlWn63gFMDXoVp2L+U5Trd12E6jOZFWILhMzGn03S4=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>aADsyli38qcbVAEecC9m5b03FDNBjoSNxJenOmdByqFnfrPPMmzMPXR4roCRjri99FOjl6Ax7Nik6UsZWWEM7VRL5wv+Aurz0WP6suw/XkG2ZynELh6fUmxWGKMP8O9ZkhDXMnJQlikJlRRagH3OSqo0ObYbU3q267uW2IRTM6A=</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig11:KeyInfoReference xmlns:dsig11="http://www.w3.org/2009/xmldsig11#" URI="#KeyInfoID"/></dsig:KeyInfo><dsig:Object Id="DSig.Object_W1u9Me3FAhWb4c7uH1IEmA22" MimeType="text/xml"><Web>up up and away</Web></dsig:Object><dsig:Object Id="DSig.Object_ivEK2COgIC4F8ZGLuETxSw22" MimeType="text/xml"><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="KeyInfoID"><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>gIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZU=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Object></dsig:Signature>

test/interop/TR2012/signature-enveloping-p256_sha1.xml

@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/><dsig:Reference URI="#DSig.Object_1" Type="http://www.w3.org/2000/09/xmldsig#Object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>QyX9FBWyHn4T5eTnSMtylMw+tNQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>/UIcB0BiRpxs6lTKEsoaCOupt3JeShaV92TZYz6qFC9AunPqVpNWarll890jY4QLumx/1MOHD+Us9bP7QSalrQ==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#"><NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/><PublicKey>BJ/yaXNlq4FRObyJCBhb5jAz8GVzinK3bBGLjSDfjbJwNfydtgjnlS4EsDmxSRhWyJWq6GIqy5wvnaiARK04uB4=</PublicKey></ECKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object Id="DSig.Object_1" MimeType="text/xml"><Web>up up and away</Web></dsig:Object></dsig:Signature>