class ECPrivateKey(Sequence):
    # ECPrivateKey ::= SEQUENCE {
    #     version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    #     privateKey     OCTET STRING,
    #     parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
    #     publicKey  [1] BIT STRING OPTIONAL }
    # (ASN.1 layout as given in RFC 5915)
    #
    # "privateKey" carries the secret key bytes, so any decoded or encoded
    # instance of this structure is key material: keep it out of logs and
    # error messages and do not hold it longer than needed.
    # Both optional members are wrapped in EXPLICIT context tags ([0], [1]).
    schema = (
        ("version", Integer(ecPrivkeyVer1)),
        ("privateKey", OctetString()),
        ("parameters", ECParameters(expl=tag_ctxc(0), optional=True)),
        ("publicKey", BitString(expl=tag_ctxc(1), optional=True)),
    )
class Certificate(Sequence):
    # Certificate ::= SEQUENCE {
    #     tbsCertificate       TBSCertificate,
    #     signatureAlgorithm   AlgorithmIdentifier,
    #     signatureValue       BIT STRING }
    #
    # This class describes structure only: nothing in it checks
    # signatureValue against tbsCertificate. A verifier has to do that
    # itself over the encoded tbsCertificate, and should also confirm that
    # the outer signatureAlgorithm equals the "signature" field inside
    # tbsCertificate, as RFC 5280 requires.
    schema = (
        ("tbsCertificate", TBSCertificate()),
        ("signatureAlgorithm", AlgorithmIdentifier()),
        ("signatureValue", BitString()),
    )
class CertificationRequest(Sequence):
    # CertificationRequest ::= SEQUENCE {
    #     certificationRequestInfo CertificationRequestInfo,
    #     signatureAlgorithm       AlgorithmIdentifier,
    #     signature                BIT STRING }
    # (PKCS #10 layout, RFC 2986)
    #
    # The signature covers the encoded certificationRequestInfo. Verifying
    # it with the public key carried inside that same structure is the
    # proof-of-possession check; this schema does not perform it, so an
    # issuer must verify before acting on a decoded request.
    schema = (
        ("certificationRequestInfo", CertificationRequestInfo()),
        ("signatureAlgorithm", AlgorithmIdentifier()),
        ("signature", BitString()),
    )
class CertificateList(Sequence):
    # CertificateList ::= SEQUENCE {
    #     tbsCertList          TBSCertList,
    #     signatureAlgorithm   AlgorithmIdentifier,
    #     signatureValue       BIT STRING }
    # (CRL layout, RFC 5280)
    #
    # Structure only: a decoded CRL is untrusted until signatureValue has
    # been verified over the encoded tbsCertList with the issuer's key, and
    # the outer signatureAlgorithm has been compared with the "signature"
    # field inside tbsCertList.
    schema = (
        ("tbsCertList", TBSCertList()),
        ("signatureAlgorithm", AlgorithmIdentifier()),
        ("signatureValue", BitString()),
    )
class SubjectPublicKeyInfo(Sequence):
    # SubjectPublicKeyInfo ::= SEQUENCE {
    #     algorithm            AlgorithmIdentifier,
    #     subjectPublicKey     BIT STRING }
    #
    # The bit string is opaque at this level: how it is interpreted depends
    # on "algorithm" and its parameters, so consumers should check that
    # pairing (and validate the key itself) before using the key.
    schema = (
        ("algorithm", AlgorithmIdentifier()),
        ("subjectPublicKey", BitString()),
    )
class OriginatorPublicKey(Sequence):
    # OriginatorPublicKey ::= SEQUENCE {
    #     algorithm AlgorithmIdentifier,
    #     publicKey BIT STRING }
    # (CMS layout, RFC 5652)
    #
    # Same shape as SubjectPublicKeyInfo, but the key field is named
    # "publicKey". The value is supplied by the message originator, so a
    # recipient should validate it against the expected algorithm and
    # parameters before using it in key agreement.
    schema = (
        ("algorithm", AlgorithmIdentifier()),
        ("publicKey", BitString()),
    )
def _test_vector(
        self,
        curve_name,
        mode,
        hsh,
        ai_spki,
        ai_sign,
        cert_serial,
        prv_hex,
        cr_sign_hex,
        cr_b64,
        c_sign_hex,
        c_b64,
        crl_sign_hex,
        crl_b64,
):
    """Replay one test vector: certification request, certificate, CRL.

    For each of the three structures the to-be-signed part is rebuilt
    from scratch, the vector's signature is verified over its encoding
    with the public key derived from ``prv_hex``, and the complete
    encoded structure is compared byte-for-byte with the base64
    reference. Both checks matter: the first covers the signature, the
    second the exact encoding that the signature depends on.

    Args:
        curve_name: key into ``CURVES``.
        mode: passed unchanged to ``pub_marshal`` and ``verify``.
        hsh: callable taking bytes and returning an object with
            ``digest()``.
        ai_spki: value stored as the SubjectPublicKeyInfo ``algorithm``.
        ai_sign: value stored in every signature-algorithm field, both
            inside the to-be-signed parts and in the outer structures.
        cert_serial: wrapped in ``CertificateSerialNumber``.
        prv_hex: private key in hex (test-vector material only).
        cr_sign_hex, c_sign_hex, crl_sign_hex: hex signatures for the
            request, the certificate and the CRL.
        cr_b64, c_b64, crl_b64: base64 of the expected encodings.
    """
    # NOTE(review): the private key bytes and every digest are
    # byte-reversed before use -- presumably the byte order expected by
    # prv_unmarshal/verify differs from the one the vectors are printed
    # in; confirm against the vector source.
    prv = prv_unmarshal(hexdec(prv_hex)[::-1])
    curve = CURVES[curve_name]
    pub = public_key(curve, prv)
    pub_raw = pub_marshal(pub, mode=mode)

    def signature_is_valid(to_be_signed, signature):
        # Hash the encoded structure, reverse the digest, verify.
        digest = hsh(to_be_signed.encode()).digest()[::-1]
        return verify(curve, pub, digest, signature, mode=mode)

    common_name = AttributeTypeAndValue((
        ("type", AttributeType(id_at_commonName)),
        ("value", AttributeValue(PrintableString("Example"))),
    ))
    subj = Name((
        "rdnSequence",
        RDNSequence([RelativeDistinguishedName((common_name,))]),
    ))
    spki = SubjectPublicKeyInfo((
        ("algorithm", ai_spki),
        ("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
    ))

    # --- Certification request ---
    cri = CertificationRequestInfo((
        ("version", Integer(0)),
        ("subject", subj),
        ("subjectPKInfo", spki),
        ("attributes", Attributes()),
    ))
    cr_signature = hexdec(cr_sign_hex)
    self.assertTrue(signature_is_valid(cri, cr_signature))
    cr = CertificationRequest((
        ("certificationRequestInfo", cri),
        ("signatureAlgorithm", ai_sign),
        ("signature", BitString(cr_signature)),
    ))
    self.assertSequenceEqual(cr.encode(), b64decode(cr_b64))

    # --- Certificate ---
    # Issuer and subject are the same name and the signature is checked
    # with the subject's own key, i.e. the vector is self-signed.
    # notBefore uses UTCTime, notAfter (year 2050) uses GeneralizedTime.
    validity = Validity((
        ("notBefore", Time(("utcTime", UTCTime(b"010101000000Z")))),
        ("notAfter", Time(("generalTime", GeneralizedTime(b"20501231000000Z")))),
    ))
    ca_constraint = Extension((
        ("extnID", id_ce_basicConstraints),
        ("critical", Boolean(True)),
        ("extnValue", OctetString(
            BasicConstraints((("cA", Boolean(True)),)).encode())),
    ))
    tbs_cert = TBSCertificate((
        ("version", Version("v3")),
        ("serialNumber", CertificateSerialNumber(cert_serial)),
        ("signature", ai_sign),
        ("issuer", subj),
        ("validity", validity),
        ("subject", subj),
        ("subjectPublicKeyInfo", spki),
        ("extensions", Extensions((ca_constraint,))),
    ))
    cert_signature = hexdec(c_sign_hex)
    self.assertTrue(signature_is_valid(tbs_cert, cert_signature))
    cert = Certificate((
        ("tbsCertificate", tbs_cert),
        ("signatureAlgorithm", ai_sign),
        ("signatureValue", BitString(cert_signature)),
    ))
    self.assertSequenceEqual(cert.encode(), b64decode(c_b64))

    # --- CRL ---
    tbs_crl = TBSCertList((
        ("version", Version("v2")),
        ("signature", ai_sign),
        ("issuer", subj),
        ("thisUpdate", Time(("utcTime", UTCTime(b"140101000000Z")))),
        ("nextUpdate", Time(("utcTime", UTCTime(b"140102000000Z")))),
    ))
    crl_signature = hexdec(crl_sign_hex)
    self.assertTrue(signature_is_valid(tbs_crl, crl_signature))
    crl = CertificateList((
        ("tbsCertList", tbs_crl),
        ("signatureAlgorithm", ai_sign),
        ("signatureValue", BitString(crl_signature)),
    ))
    self.assertSequenceEqual(crl.encode(), b64decode(crl_b64))
("signature", ai_sign), ("issuer", subj), ("validity", Validity(( ("notBefore", Time(("utcTime", UTCTime(not_before)))), ("notAfter", Time(("utcTime", UTCTime(not_after)))), ))), ("subject", subj), ("subjectPublicKeyInfo", SubjectPublicKeyInfo(( ("algorithm", AlgorithmIdentifier(( ("algorithm", id_tc26_gost3410_2012_512), ("parameters", Any(key_params)), ))), ("subjectPublicKey", BitString(OctetString(pub_raw).encode())), ))), ("extensions", Extensions((Extension(( ("extnID", id_ce_subjectKeyIdentifier), ("extnValue", OctetString( SubjectKeyIdentifier( GOST34112012512(pub_raw).digest()[:20]).encode())), )), ))), )) cert = Certificate(( ("tbsCertificate", tbs), ("signatureAlgorithm", ai_sign), ("signatureValue", BitString(