class CertificationRequestInfo(Sequence):
schema = (
("version", Integer(0)),
("subject", Name()),
("subjectPKInfo", SubjectPublicKeyInfo()),
("attributes", Attributes(impl=tag_ctxc(0))),
)
class ECPrivateKey(Sequence):
schema = (
("version", Integer(ecPrivkeyVer1)),
("privateKey", OctetString()),
("parameters", ECParameters(expl=tag_ctxc(0), optional=True)),
("publicKey", BitString(expl=tag_ctxc(1), optional=True)),
)
def _test_vector(
self,
curve_name,
mode,
hsh,
ai_spki,
ai_sign,
cert_serial,
prv_hex,
cr_sign_hex,
cr_b64,
c_sign_hex,
c_b64,
crl_sign_hex,
crl_b64,
):
prv_raw = hexdec(prv_hex)[::-1]
prv = prv_unmarshal(prv_raw)
curve = CURVES[curve_name]
pub = public_key(curve, prv)
pub_raw = pub_marshal(pub, mode=mode)
subj = Name(
("rdnSequence",
RDNSequence([
RelativeDistinguishedName((AttributeTypeAndValue((
("type", AttributeType(id_at_commonName)),
("value", AttributeValue(PrintableString("Example"))),
)), ))
])))
spki = SubjectPublicKeyInfo((
("algorithm", ai_spki),
("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
))
# Certification request
cri = CertificationRequestInfo((
("version", Integer(0)),
("subject", subj),
("subjectPKInfo", spki),
("attributes", Attributes()),
))
sign = hexdec(cr_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(cri.encode()).digest()[::-1],
sign,
mode=mode,
))
cr = CertificationRequest((
("certificationRequestInfo", cri),
("signatureAlgorithm", ai_sign),
("signature", BitString(sign)),
))
self.assertSequenceEqual(cr.encode(), b64decode(cr_b64))
# Certificate
tbs = TBSCertificate((
("version", Version("v3")),
("serialNumber", CertificateSerialNumber(cert_serial)),
("signature", ai_sign),
("issuer", subj),
("validity",
Validity((
("notBefore", Time(("utcTime", UTCTime(b"010101000000Z")))),
("notAfter",
Time(("generalTime", GeneralizedTime(b"20501231000000Z")))),
))),
("subject", subj),
("subjectPublicKeyInfo", spki),
("extensions",
Extensions((Extension((
("extnID", id_ce_basicConstraints),
("critical", Boolean(True)),
("extnValue",
OctetString(
BasicConstraints((("cA", Boolean(True)), )).encode())),
)), ))),
))
sign = hexdec(c_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(tbs.encode()).digest()[::-1],
sign,
mode=mode,
))
cert = Certificate((
("tbsCertificate", tbs),
("signatureAlgorithm", ai_sign),
("signatureValue", BitString(sign)),
))
self.assertSequenceEqual(cert.encode(), b64decode(c_b64))
# CRL
tbs = TBSCertList((
("version", Version("v2")),
("signature", ai_sign),
("issuer", subj),
("thisUpdate", Time(("utcTime", UTCTime(b"140101000000Z")))),
("nextUpdate", Time(("utcTime", UTCTime(b"140102000000Z")))),
))
sign = hexdec(crl_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(tbs.encode()).digest()[::-1],
sign,
mode=mode,
))
crl = CertificateList((
("tbsCertList", tbs),
("signatureAlgorithm", ai_sign),
("signatureValue", BitString(sign)),
))
self.assertSequenceEqual(crl.encode(), b64decode(crl_b64))
class PFX(Sequence):
schema = (
("version", Integer(default=1)),
("authSafe", AuthSafe()),
("macData", MacData(optional=True)),
)
class MacData(Sequence):
schema = (
("mac", DigestInfo()),
("macSalt", OctetString()),
("iterations", Integer(default=1)),
)
class PrivateKeyInfo(Sequence):
schema = (
("version", Integer(0)),
("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier()),
("privateKey", PrivateKey()),
)
from pyderasn import tag_ctxc
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters
class ECParameters(Choice):
schema = (
("namedCurve", ObjectIdentifier()),
("implicitCurve", Null()),
# ("specifiedCurve", SpecifiedECDomain()),
)
ecPrivkeyVer1 = Integer(1)
class ECPrivateKey(Sequence):
schema = (
("version", Integer(ecPrivkeyVer1)),
("privateKey", OctetString()),
("parameters", ECParameters(expl=tag_ctxc(0), optional=True)),
("publicKey", BitString(expl=tag_ctxc(1), optional=True)),
)
class PrivateKeyAlgorithmIdentifier(Sequence):
schema = (
("algorithm",
ObjectIdentifier(defines=((
def pem(obj):
return fill(standard_b64encode(obj.encode()).decode('ascii'), 64)
key_params = GostR34102012PublicKeyParameters((
("publicKeyParamSet", id_tc26_gost3410_2012_512_paramSetA),
("digestParamSet", id_tc26_gost3411_2012_512),
))
prv_raw = urandom(64)
print("-----BEGIN PRIVATE KEY-----")
print(
pem(
PrivateKeyInfo((
("version", Integer(0)),
("privateKeyAlgorithm",
PrivateKeyAlgorithmIdentifier((
("algorithm", id_tc26_gost3410_2012_512),
("parameters", Any(key_params)),
))),
("privateKey", PrivateKey(prv_raw)),
))))
print("-----END PRIVATE KEY-----")
prv = prv_unmarshal(prv_raw)
curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
pub_raw = pub_marshal(public_key(curve, prv), mode=2012)
subj = Name(("rdnSequence",
RDNSequence([
RelativeDistinguishedName((AttributeTypeAndValue((