def test_vector(self): curve = GOST3410Curve(*CURVE_PARAMS["GostR3410_2012_TC26_ParamSetA"]) ukm = ukm_unmarshal(hexdec("1d80603c8544c727")) prvA = prv_unmarshal(hexdec("c990ecd972fce84ec4db022778f50fcac726f46708384b8d458304962d7147f8c2db41cef22c90b102f2968404f9b9be6d47c79692d81826b32b8daca43cb667")) pubA = pub_unmarshal(hexdec("aab0eda4abff21208d18799fb9a8556654ba783070eba10cb9abb253ec56dcf5d3ccba6192e464e6e5bcb6dea137792f2431f6c897eb1b3c0cc14327b1adc0a7914613a3074e363aedb204d38d3563971bd8758e878c9db11403721b48002d38461f92472d40ea92f9958c0ffa4c93756401b97f89fdbe0b5e46e4a4631cdb5a"), mode=2012) prvB = prv_unmarshal(hexdec("48c859f7b6f11585887cc05ec6ef1390cfea739b1a18c0d4662293ef63b79e3b8014070b44918590b4b996acfea4edfbbbcccc8c06edd8bf5bda92a51392d0db")) pubB = pub_unmarshal(hexdec("192fe183b9713a077253c72c8735de2ea42a3dbc66ea317838b65fa32523cd5efca974eda7c863f4954d1147f1f2b25c395fce1c129175e876d132e94ed5a65104883b414c9b592ec4dc84826f07d0b6d9006dda176ce48c391e3f97d102e03bb598bf132a228a45f7201aba08fc524a2d77e43a362ab022ad4028f75bde3b79"), mode=2012) vko = hexdec("79f002a96940ce7bde3259a52e015297adaad84597a0d205b50e3e1719f97bfa7ee1d2661fa9979a5aa235b558a7e6d9f88f982dd63fc35a8ec0dd5e242d3bdf") self.assertEqual(kek_34102012512(curve, prvA, pubB, ukm), vko) self.assertEqual(kek_34102012512(curve, prvB, pubA, ukm), vko)
def test_vector(self): curve = GOST3410Curve(*CURVE_PARAMS["GostR3410_2001_TestParamSet"]) ukm = ukm_unmarshal(hexdec("5172be25f852a233")) prv1 = prv_unmarshal(hexdec("1df129e43dab345b68f6a852f4162dc69f36b2f84717d08755cc5c44150bf928")) prv2 = prv_unmarshal(hexdec("5b9356c6474f913f1e83885ea0edd5df1a43fd9d799d219093241157ac9ed473")) kek = hexdec("ee4618a0dbb10cb31777b4b86a53d9e7ef6cb3e400101410f0c0f2af46c494a6") pub1 = public_key(curve, prv1) pub2 = public_key(curve, prv2) self.assertEqual(kek_34102001(curve, prv1, pub2, ukm), kek) self.assertEqual(kek_34102001(curve, prv2, pub1, ukm), kek)
def keker(curve, prv, pub, ukm): return kek_34102012256( curve, prv_unmarshal(prv), pub_unmarshal(pub, mode=2012), ukm_unmarshal(ukm), )
def test_vector(self): curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"] ukm = ukm_unmarshal(hexdec("1d80603c8544c727")) prvA = prv_unmarshal( hexdec( "c990ecd972fce84ec4db022778f50fcac726f46708384b8d458304962d7147f8c2db41cef22c90b102f2968404f9b9be6d47c79692d81826b32b8daca43cb667" )) pubA = pub_unmarshal(hexdec( "aab0eda4abff21208d18799fb9a8556654ba783070eba10cb9abb253ec56dcf5d3ccba6192e464e6e5bcb6dea137792f2431f6c897eb1b3c0cc14327b1adc0a7914613a3074e363aedb204d38d3563971bd8758e878c9db11403721b48002d38461f92472d40ea92f9958c0ffa4c93756401b97f89fdbe0b5e46e4a4631cdb5a" ), mode=2012) prvB = prv_unmarshal( hexdec( "48c859f7b6f11585887cc05ec6ef1390cfea739b1a18c0d4662293ef63b79e3b8014070b44918590b4b996acfea4edfbbbcccc8c06edd8bf5bda92a51392d0db" )) pubB = pub_unmarshal(hexdec( "192fe183b9713a077253c72c8735de2ea42a3dbc66ea317838b65fa32523cd5efca974eda7c863f4954d1147f1f2b25c395fce1c129175e876d132e94ed5a65104883b414c9b592ec4dc84826f07d0b6d9006dda176ce48c391e3f97d102e03bb598bf132a228a45f7201aba08fc524a2d77e43a362ab022ad4028f75bde3b79" ), mode=2012) vko = hexdec( "c9a9a77320e2cc559ed72dce6f47e2192ccea95fa648670582c054c0ef36c221") self.assertSequenceEqual(kek_34102012256(curve, prvA, pubB, ukm), vko) self.assertSequenceEqual(kek_34102012256(curve, prvB, pubA, ukm), vko)
def __init__(self, curve_type="id-tc26-gost-3410-2012-256-paramSetA", raw_key=None, private=None, cert=None): self.curve = gost3410.CURVES[curve_type] self.curve_type = curve_type if raw_key is None: raw_key = rand_bytes(32) if private == None: self.private = gost3410.prv_unmarshal(raw_key) else: self.private = private self.public = PublicKey(curve_type=self.curve_type, priv_key=self.private, cert=cert)
def process_cert(self, curve_name, mode, hasher, prv_key_raw, cert_raw): cert, tail = Certificate().decode(cert_raw) self.assertSequenceEqual(tail, b"") curve = GOST3410Curve(*CURVE_PARAMS[curve_name]) prv_key = prv_unmarshal(prv_key_raw) pub_key_raw, tail = OctetString().decode( bytes(cert["tbsCertificate"]["subjectPublicKeyInfo"] ["subjectPublicKey"])) pub_key = pub_unmarshal(bytes(pub_key_raw), mode=mode) self.assertSequenceEqual(tail, b"") self.assertSequenceEqual(pub_key, public_key(curve, prv_key)) self.assertTrue( verify( curve, pub_key, hasher(cert["tbsCertificate"].encode()).digest()[::-1], bytes(cert["signatureValue"]), mode=mode, ))
def process_cms( self, content_info_raw, prv_key_raw, curve_name, hasher, mode, ): content_info, tail = ContentInfo().decode(content_info_raw) self.assertSequenceEqual(tail, b"") self.assertIsNotNone(content_info["content"].defined) _, signed_data = content_info["content"].defined self.assertEqual(len(signed_data["signerInfos"]), 1) curve = CURVES[curve_name] self.assertTrue( verify( curve, public_key(curve, prv_unmarshal(prv_key_raw)), hasher(bytes(signed_data["encapContentInfo"] ["eContent"])).digest()[::-1], bytes(signed_data["signerInfos"][0]["signature"]), mode=mode, ))
def process_cms( self, content_info_raw, prv_key_raw, curve_name, hasher, mode, ): content_info, tail = ContentInfo().decode(content_info_raw) self.assertSequenceEqual(tail, b"") signed_data, tail = SignedData().decode(bytes(content_info["content"])) self.assertSequenceEqual(tail, b"") self.assertEqual(len(signed_data["signerInfos"]), 1) curve = GOST3410Curve(*CURVE_PARAMS[curve_name]) self.assertTrue( verify( curve, public_key(curve, prv_unmarshal(prv_key_raw)), hasher(bytes(signed_data["encapContentInfo"] ["eContent"])).digest()[::-1], bytes(signed_data["signerInfos"][0]["signature"]), mode=mode, ))
def process_cert(self, curve_name, mode, hasher, prv_key_raw, cert_raw): cert, tail = Certificate().decode( cert_raw, ctx={ "defines_by_path": (( ( "tbsCertificate", "subjectPublicKeyInfo", "algorithm", "algorithm", ), (( ("..", "subjectPublicKey"), { id_tc26_gost3410_2012_256: OctetString(), id_tc26_gost3410_2012_512: OctetString(), }, ), ), ), ), }) self.assertSequenceEqual(tail, b"") curve = CURVES[curve_name] prv_key = prv_unmarshal(prv_key_raw) spk = cert["tbsCertificate"]["subjectPublicKeyInfo"][ "subjectPublicKey"] self.assertIsNotNone(spk.defined) _, pub_key_raw = spk.defined pub_key = pub_unmarshal(bytes(pub_key_raw), mode=mode) self.assertSequenceEqual(pub_key, public_key(curve, prv_key)) self.assertTrue( verify( curve, pub_key, hasher(cert["tbsCertificate"].encode()).digest()[::-1], bytes(cert["signatureValue"]), mode=mode, ))
def _parse_private_key(cls, key: str) -> int: pem_key = cls._parse_pem(key) info = cls._parse_asn_prv_info(pem_key) private_key = cls._parse_asn_private_key(info) return gost3410.prv_unmarshal(bytes(private_key))
def generate(self): prv_raw = urandom(32) prv = prv_unmarshal(prv_raw) pub = public_key(curve, prv) return sk_(prv, pub)
def _test_vector( self, curve_name, mode, hsh, ai_spki, ai_sign, cert_serial, prv_hex, cr_sign_hex, cr_b64, c_sign_hex, c_b64, crl_sign_hex, crl_b64, ): prv_raw = hexdec(prv_hex)[::-1] prv = prv_unmarshal(prv_raw) curve = CURVES[curve_name] pub = public_key(curve, prv) pub_raw = pub_marshal(pub, mode=mode) subj = Name( ("rdnSequence", RDNSequence([ RelativeDistinguishedName((AttributeTypeAndValue(( ("type", AttributeType(id_at_commonName)), ("value", AttributeValue(PrintableString("Example"))), )), )) ]))) spki = SubjectPublicKeyInfo(( ("algorithm", ai_spki), ("subjectPublicKey", BitString(OctetString(pub_raw).encode())), )) # Certification request cri = CertificationRequestInfo(( ("version", Integer(0)), ("subject", subj), ("subjectPKInfo", spki), ("attributes", Attributes()), )) sign = hexdec(cr_sign_hex) self.assertTrue( verify( curve, pub, hsh(cri.encode()).digest()[::-1], sign, mode=mode, )) cr = CertificationRequest(( ("certificationRequestInfo", cri), ("signatureAlgorithm", ai_sign), ("signature", BitString(sign)), )) self.assertSequenceEqual(cr.encode(), b64decode(cr_b64)) # Certificate tbs = TBSCertificate(( ("version", Version("v3")), ("serialNumber", CertificateSerialNumber(cert_serial)), ("signature", ai_sign), ("issuer", subj), ("validity", Validity(( ("notBefore", Time(("utcTime", UTCTime(b"010101000000Z")))), ("notAfter", Time(("generalTime", GeneralizedTime(b"20501231000000Z")))), ))), ("subject", subj), ("subjectPublicKeyInfo", spki), ("extensions", Extensions((Extension(( ("extnID", id_ce_basicConstraints), ("critical", Boolean(True)), ("extnValue", OctetString( BasicConstraints((("cA", Boolean(True)), )).encode())), )), ))), )) sign = hexdec(c_sign_hex) self.assertTrue( verify( curve, pub, hsh(tbs.encode()).digest()[::-1], sign, mode=mode, )) cert = Certificate(( ("tbsCertificate", tbs), ("signatureAlgorithm", ai_sign), ("signatureValue", BitString(sign)), )) self.assertSequenceEqual(cert.encode(), b64decode(c_b64)) # CRL tbs = TBSCertList(( ("version", Version("v2")), ("signature", ai_sign), ("issuer", subj), ("thisUpdate", Time(("utcTime", UTCTime(b"140101000000Z")))), ("nextUpdate", Time(("utcTime", UTCTime(b"140102000000Z")))), )) sign = hexdec(crl_sign_hex) self.assertTrue( verify( curve, pub, hsh(tbs.encode()).digest()[::-1], sign, mode=mode, )) crl = CertificateList(( ("tbsCertList", tbs), ("signatureAlgorithm", ai_sign), ("signatureValue", BitString(sign)), )) self.assertSequenceEqual(crl.encode(), b64decode(crl_b64))
prv_raw = urandom(64) print("-----BEGIN PRIVATE KEY-----") print( pem( PrivateKeyInfo(( ("version", Integer(0)), ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier(( ("algorithm", id_tc26_gost3410_2012_512), ("parameters", Any(key_params)), ))), ("privateKey", PrivateKey(prv_raw)), )))) print("-----END PRIVATE KEY-----") prv = prv_unmarshal(prv_raw) curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"] pub_raw = pub_marshal(public_key(curve, prv), mode=2012) subj = Name(("rdnSequence", RDNSequence([ RelativeDistinguishedName((AttributeTypeAndValue(( ("type", AttributeType(id_at_commonName)), ("value", AttributeValue(PrintableString(argv[1]))), )), )) ]))) not_before = datetime.utcnow() not_after = not_before + timedelta(days=365) ai_sign = AlgorithmIdentifier( (("algorithm", id_tc26_signwithdigest_gost3410_2012_512), )) tbs = TBSCertificate(( ("version", Version("v3")),