def to_string(self, pub=False):
if pub:
return hexenc(pub_marshal(self.pub))
return self.prv
def _test_vector(
self,
curve_name,
mode,
hsh,
ai_spki,
ai_sign,
cert_serial,
prv_hex,
cr_sign_hex,
cr_b64,
c_sign_hex,
c_b64,
crl_sign_hex,
crl_b64,
):
prv_raw = hexdec(prv_hex)[::-1]
prv = prv_unmarshal(prv_raw)
curve = CURVES[curve_name]
pub = public_key(curve, prv)
pub_raw = pub_marshal(pub, mode=mode)
subj = Name(
("rdnSequence",
RDNSequence([
RelativeDistinguishedName((AttributeTypeAndValue((
("type", AttributeType(id_at_commonName)),
("value", AttributeValue(PrintableString("Example"))),
)), ))
])))
spki = SubjectPublicKeyInfo((
("algorithm", ai_spki),
("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
))
# Certification request
cri = CertificationRequestInfo((
("version", Integer(0)),
("subject", subj),
("subjectPKInfo", spki),
("attributes", Attributes()),
))
sign = hexdec(cr_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(cri.encode()).digest()[::-1],
sign,
mode=mode,
))
cr = CertificationRequest((
("certificationRequestInfo", cri),
("signatureAlgorithm", ai_sign),
("signature", BitString(sign)),
))
self.assertSequenceEqual(cr.encode(), b64decode(cr_b64))
# Certificate
tbs = TBSCertificate((
("version", Version("v3")),
("serialNumber", CertificateSerialNumber(cert_serial)),
("signature", ai_sign),
("issuer", subj),
("validity",
Validity((
("notBefore", Time(("utcTime", UTCTime(b"010101000000Z")))),
("notAfter",
Time(("generalTime", GeneralizedTime(b"20501231000000Z")))),
))),
("subject", subj),
("subjectPublicKeyInfo", spki),
("extensions",
Extensions((Extension((
("extnID", id_ce_basicConstraints),
("critical", Boolean(True)),
("extnValue",
OctetString(
BasicConstraints((("cA", Boolean(True)), )).encode())),
)), ))),
))
sign = hexdec(c_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(tbs.encode()).digest()[::-1],
sign,
mode=mode,
))
cert = Certificate((
("tbsCertificate", tbs),
("signatureAlgorithm", ai_sign),
("signatureValue", BitString(sign)),
))
self.assertSequenceEqual(cert.encode(), b64decode(c_b64))
# CRL
tbs = TBSCertList((
("version", Version("v2")),
("signature", ai_sign),
("issuer", subj),
("thisUpdate", Time(("utcTime", UTCTime(b"140101000000Z")))),
("nextUpdate", Time(("utcTime", UTCTime(b"140102000000Z")))),
))
sign = hexdec(crl_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(tbs.encode()).digest()[::-1],
sign,
mode=mode,
))
crl = CertificateList((
("tbsCertList", tbs),
("signatureAlgorithm", ai_sign),
("signatureValue", BitString(sign)),
))
self.assertSequenceEqual(crl.encode(), b64decode(crl_b64))
def kek(curve, prv, pub, ukm, mode):
key = curve.exp(prv, pub[0], pub[1])
key = curve.exp(ukm, key[0], key[1])
return pub_marshal(key, mode)
def encode(self):
return gost3410.pub_marshal(self.key)
print(
pem(
PrivateKeyInfo((
("version", Integer(0)),
("privateKeyAlgorithm",
PrivateKeyAlgorithmIdentifier((
("algorithm", id_tc26_gost3410_2012_512),
("parameters", Any(key_params)),
))),
("privateKey", PrivateKey(prv_raw)),
))))
print("-----END PRIVATE KEY-----")
prv = prv_unmarshal(prv_raw)
curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
pub_raw = pub_marshal(public_key(curve, prv), mode=2012)
subj = Name(("rdnSequence",
RDNSequence([
RelativeDistinguishedName((AttributeTypeAndValue((
("type", AttributeType(id_at_commonName)),
("value", AttributeValue(PrintableString(argv[1]))),
)), ))
])))
not_before = datetime.utcnow()
not_after = not_before + timedelta(days=365)
ai_sign = AlgorithmIdentifier(
(("algorithm", id_tc26_signwithdigest_gost3410_2012_512), ))
tbs = TBSCertificate((
("version", Version("v3")),
("serialNumber", CertificateSerialNumber(12345)),
("signature", ai_sign),