class CertificationRequestInfo(Sequence): schema = ( ("version", Integer(0)), ("subject", Name()), ("subjectPKInfo", SubjectPublicKeyInfo()), ("attributes", Attributes(impl=tag_ctxc(0))), )
class ECPrivateKey(Sequence): schema = ( ("version", Integer(ecPrivkeyVer1)), ("privateKey", OctetString()), ("parameters", ECParameters(expl=tag_ctxc(0), optional=True)), ("publicKey", BitString(expl=tag_ctxc(1), optional=True)), )
def _test_vector( self, curve_name, mode, hsh, ai_spki, ai_sign, cert_serial, prv_hex, cr_sign_hex, cr_b64, c_sign_hex, c_b64, crl_sign_hex, crl_b64, ): prv_raw = hexdec(prv_hex)[::-1] prv = prv_unmarshal(prv_raw) curve = CURVES[curve_name] pub = public_key(curve, prv) pub_raw = pub_marshal(pub, mode=mode) subj = Name( ("rdnSequence", RDNSequence([ RelativeDistinguishedName((AttributeTypeAndValue(( ("type", AttributeType(id_at_commonName)), ("value", AttributeValue(PrintableString("Example"))), )), )) ]))) spki = SubjectPublicKeyInfo(( ("algorithm", ai_spki), ("subjectPublicKey", BitString(OctetString(pub_raw).encode())), )) # Certification request cri = CertificationRequestInfo(( ("version", Integer(0)), ("subject", subj), ("subjectPKInfo", spki), ("attributes", Attributes()), )) sign = hexdec(cr_sign_hex) self.assertTrue( verify( curve, pub, hsh(cri.encode()).digest()[::-1], sign, mode=mode, )) cr = CertificationRequest(( ("certificationRequestInfo", cri), ("signatureAlgorithm", ai_sign), ("signature", BitString(sign)), )) self.assertSequenceEqual(cr.encode(), b64decode(cr_b64)) # Certificate tbs = TBSCertificate(( ("version", Version("v3")), ("serialNumber", CertificateSerialNumber(cert_serial)), ("signature", ai_sign), ("issuer", subj), ("validity", Validity(( ("notBefore", Time(("utcTime", UTCTime(b"010101000000Z")))), ("notAfter", Time(("generalTime", GeneralizedTime(b"20501231000000Z")))), ))), ("subject", subj), ("subjectPublicKeyInfo", spki), ("extensions", Extensions((Extension(( ("extnID", id_ce_basicConstraints), ("critical", Boolean(True)), ("extnValue", OctetString( BasicConstraints((("cA", Boolean(True)), )).encode())), )), ))), )) sign = hexdec(c_sign_hex) self.assertTrue( verify( curve, pub, hsh(tbs.encode()).digest()[::-1], sign, mode=mode, )) cert = Certificate(( ("tbsCertificate", tbs), ("signatureAlgorithm", ai_sign), ("signatureValue", BitString(sign)), )) self.assertSequenceEqual(cert.encode(), b64decode(c_b64)) # CRL tbs = TBSCertList(( ("version", Version("v2")), ("signature", ai_sign), ("issuer", subj), ("thisUpdate", Time(("utcTime", UTCTime(b"140101000000Z")))), ("nextUpdate", Time(("utcTime", UTCTime(b"140102000000Z")))), )) sign = hexdec(crl_sign_hex) self.assertTrue( verify( curve, pub, hsh(tbs.encode()).digest()[::-1], sign, mode=mode, )) crl = CertificateList(( ("tbsCertList", tbs), ("signatureAlgorithm", ai_sign), ("signatureValue", BitString(sign)), )) self.assertSequenceEqual(crl.encode(), b64decode(crl_b64))
class PFX(Sequence): schema = ( ("version", Integer(default=1)), ("authSafe", AuthSafe()), ("macData", MacData(optional=True)), )
class MacData(Sequence): schema = ( ("mac", DigestInfo()), ("macSalt", OctetString()), ("iterations", Integer(default=1)), )
class PrivateKeyInfo(Sequence): schema = ( ("version", Integer(0)), ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier()), ("privateKey", PrivateKey()), )
from pyderasn import tag_ctxc from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512 from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters class ECParameters(Choice): schema = ( ("namedCurve", ObjectIdentifier()), ("implicitCurve", Null()), # ("specifiedCurve", SpecifiedECDomain()), ) ecPrivkeyVer1 = Integer(1) class ECPrivateKey(Sequence): schema = ( ("version", Integer(ecPrivkeyVer1)), ("privateKey", OctetString()), ("parameters", ECParameters(expl=tag_ctxc(0), optional=True)), ("publicKey", BitString(expl=tag_ctxc(1), optional=True)), ) class PrivateKeyAlgorithmIdentifier(Sequence): schema = ( ("algorithm", ObjectIdentifier(defines=((
def pem(obj): return fill(standard_b64encode(obj.encode()).decode('ascii'), 64) key_params = GostR34102012PublicKeyParameters(( ("publicKeyParamSet", id_tc26_gost3410_2012_512_paramSetA), ("digestParamSet", id_tc26_gost3411_2012_512), )) prv_raw = urandom(64) print("-----BEGIN PRIVATE KEY-----") print( pem( PrivateKeyInfo(( ("version", Integer(0)), ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier(( ("algorithm", id_tc26_gost3410_2012_512), ("parameters", Any(key_params)), ))), ("privateKey", PrivateKey(prv_raw)), )))) print("-----END PRIVATE KEY-----") prv = prv_unmarshal(prv_raw) curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"] pub_raw = pub_marshal(public_key(curve, prv), mode=2012) subj = Name(("rdnSequence", RDNSequence([ RelativeDistinguishedName((AttributeTypeAndValue((