def test_vector(self):
curve = GOST3410Curve(*CURVE_PARAMS["GostR3410_2012_TC26_ParamSetA"])
ukm = ukm_unmarshal(hexdec("1d80603c8544c727"))
prvA = prv_unmarshal(hexdec("c990ecd972fce84ec4db022778f50fcac726f46708384b8d458304962d7147f8c2db41cef22c90b102f2968404f9b9be6d47c79692d81826b32b8daca43cb667"))
pubA = pub_unmarshal(hexdec("aab0eda4abff21208d18799fb9a8556654ba783070eba10cb9abb253ec56dcf5d3ccba6192e464e6e5bcb6dea137792f2431f6c897eb1b3c0cc14327b1adc0a7914613a3074e363aedb204d38d3563971bd8758e878c9db11403721b48002d38461f92472d40ea92f9958c0ffa4c93756401b97f89fdbe0b5e46e4a4631cdb5a"), mode=2012)
prvB = prv_unmarshal(hexdec("48c859f7b6f11585887cc05ec6ef1390cfea739b1a18c0d4662293ef63b79e3b8014070b44918590b4b996acfea4edfbbbcccc8c06edd8bf5bda92a51392d0db"))
pubB = pub_unmarshal(hexdec("192fe183b9713a077253c72c8735de2ea42a3dbc66ea317838b65fa32523cd5efca974eda7c863f4954d1147f1f2b25c395fce1c129175e876d132e94ed5a65104883b414c9b592ec4dc84826f07d0b6d9006dda176ce48c391e3f97d102e03bb598bf132a228a45f7201aba08fc524a2d77e43a362ab022ad4028f75bde3b79"), mode=2012)
vko = hexdec("79f002a96940ce7bde3259a52e015297adaad84597a0d205b50e3e1719f97bfa7ee1d2661fa9979a5aa235b558a7e6d9f88f982dd63fc35a8ec0dd5e242d3bdf")
self.assertEqual(kek_34102012512(curve, prvA, pubB, ukm), vko)
self.assertEqual(kek_34102012512(curve, prvB, pubA, ukm), vko)
def test_vector(self):
curve = GOST3410Curve(*CURVE_PARAMS["GostR3410_2001_TestParamSet"])
ukm = ukm_unmarshal(hexdec("5172be25f852a233"))
prv1 = prv_unmarshal(hexdec("1df129e43dab345b68f6a852f4162dc69f36b2f84717d08755cc5c44150bf928"))
prv2 = prv_unmarshal(hexdec("5b9356c6474f913f1e83885ea0edd5df1a43fd9d799d219093241157ac9ed473"))
kek = hexdec("ee4618a0dbb10cb31777b4b86a53d9e7ef6cb3e400101410f0c0f2af46c494a6")
pub1 = public_key(curve, prv1)
pub2 = public_key(curve, prv2)
self.assertEqual(kek_34102001(curve, prv1, pub2, ukm), kek)
self.assertEqual(kek_34102001(curve, prv2, pub1, ukm), kek)
def keker(curve, prv, pub, ukm):
return kek_34102012256(
curve,
prv_unmarshal(prv),
pub_unmarshal(pub, mode=2012),
ukm_unmarshal(ukm),
)
def test_vector(self):
curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
ukm = ukm_unmarshal(hexdec("1d80603c8544c727"))
prvA = prv_unmarshal(
hexdec(
"c990ecd972fce84ec4db022778f50fcac726f46708384b8d458304962d7147f8c2db41cef22c90b102f2968404f9b9be6d47c79692d81826b32b8daca43cb667"
))
pubA = pub_unmarshal(hexdec(
"aab0eda4abff21208d18799fb9a8556654ba783070eba10cb9abb253ec56dcf5d3ccba6192e464e6e5bcb6dea137792f2431f6c897eb1b3c0cc14327b1adc0a7914613a3074e363aedb204d38d3563971bd8758e878c9db11403721b48002d38461f92472d40ea92f9958c0ffa4c93756401b97f89fdbe0b5e46e4a4631cdb5a"
),
mode=2012)
prvB = prv_unmarshal(
hexdec(
"48c859f7b6f11585887cc05ec6ef1390cfea739b1a18c0d4662293ef63b79e3b8014070b44918590b4b996acfea4edfbbbcccc8c06edd8bf5bda92a51392d0db"
))
pubB = pub_unmarshal(hexdec(
"192fe183b9713a077253c72c8735de2ea42a3dbc66ea317838b65fa32523cd5efca974eda7c863f4954d1147f1f2b25c395fce1c129175e876d132e94ed5a65104883b414c9b592ec4dc84826f07d0b6d9006dda176ce48c391e3f97d102e03bb598bf132a228a45f7201aba08fc524a2d77e43a362ab022ad4028f75bde3b79"
),
mode=2012)
vko = hexdec(
"c9a9a77320e2cc559ed72dce6f47e2192ccea95fa648670582c054c0ef36c221")
self.assertSequenceEqual(kek_34102012256(curve, prvA, pubB, ukm), vko)
self.assertSequenceEqual(kek_34102012256(curve, prvB, pubA, ukm), vko)
def __init__(self,
curve_type="id-tc26-gost-3410-2012-256-paramSetA",
raw_key=None,
private=None,
cert=None):
self.curve = gost3410.CURVES[curve_type]
self.curve_type = curve_type
if raw_key is None:
raw_key = rand_bytes(32)
if private == None:
self.private = gost3410.prv_unmarshal(raw_key)
else:
self.private = private
self.public = PublicKey(curve_type=self.curve_type,
priv_key=self.private,
cert=cert)
def process_cert(self, curve_name, mode, hasher, prv_key_raw, cert_raw):
cert, tail = Certificate().decode(cert_raw)
self.assertSequenceEqual(tail, b"")
curve = GOST3410Curve(*CURVE_PARAMS[curve_name])
prv_key = prv_unmarshal(prv_key_raw)
pub_key_raw, tail = OctetString().decode(
bytes(cert["tbsCertificate"]["subjectPublicKeyInfo"]
["subjectPublicKey"]))
pub_key = pub_unmarshal(bytes(pub_key_raw), mode=mode)
self.assertSequenceEqual(tail, b"")
self.assertSequenceEqual(pub_key, public_key(curve, prv_key))
self.assertTrue(
verify(
curve,
pub_key,
hasher(cert["tbsCertificate"].encode()).digest()[::-1],
bytes(cert["signatureValue"]),
mode=mode,
))
def process_cms(
self,
content_info_raw,
prv_key_raw,
curve_name,
hasher,
mode,
):
content_info, tail = ContentInfo().decode(content_info_raw)
self.assertSequenceEqual(tail, b"")
self.assertIsNotNone(content_info["content"].defined)
_, signed_data = content_info["content"].defined
self.assertEqual(len(signed_data["signerInfos"]), 1)
curve = CURVES[curve_name]
self.assertTrue(
verify(
curve,
public_key(curve, prv_unmarshal(prv_key_raw)),
hasher(bytes(signed_data["encapContentInfo"]
["eContent"])).digest()[::-1],
bytes(signed_data["signerInfos"][0]["signature"]),
mode=mode,
))
def process_cms(
self,
content_info_raw,
prv_key_raw,
curve_name,
hasher,
mode,
):
content_info, tail = ContentInfo().decode(content_info_raw)
self.assertSequenceEqual(tail, b"")
signed_data, tail = SignedData().decode(bytes(content_info["content"]))
self.assertSequenceEqual(tail, b"")
self.assertEqual(len(signed_data["signerInfos"]), 1)
curve = GOST3410Curve(*CURVE_PARAMS[curve_name])
self.assertTrue(
verify(
curve,
public_key(curve, prv_unmarshal(prv_key_raw)),
hasher(bytes(signed_data["encapContentInfo"]
["eContent"])).digest()[::-1],
bytes(signed_data["signerInfos"][0]["signature"]),
mode=mode,
))
def process_cert(self, curve_name, mode, hasher, prv_key_raw, cert_raw):
cert, tail = Certificate().decode(
cert_raw,
ctx={
"defines_by_path": ((
(
"tbsCertificate",
"subjectPublicKeyInfo",
"algorithm",
"algorithm",
),
((
("..", "subjectPublicKey"),
{
id_tc26_gost3410_2012_256: OctetString(),
id_tc26_gost3410_2012_512: OctetString(),
},
), ),
), ),
})
self.assertSequenceEqual(tail, b"")
curve = CURVES[curve_name]
prv_key = prv_unmarshal(prv_key_raw)
spk = cert["tbsCertificate"]["subjectPublicKeyInfo"][
"subjectPublicKey"]
self.assertIsNotNone(spk.defined)
_, pub_key_raw = spk.defined
pub_key = pub_unmarshal(bytes(pub_key_raw), mode=mode)
self.assertSequenceEqual(pub_key, public_key(curve, prv_key))
self.assertTrue(
verify(
curve,
pub_key,
hasher(cert["tbsCertificate"].encode()).digest()[::-1],
bytes(cert["signatureValue"]),
mode=mode,
))
def _parse_private_key(cls, key: str) -> int:
pem_key = cls._parse_pem(key)
info = cls._parse_asn_prv_info(pem_key)
private_key = cls._parse_asn_private_key(info)
return gost3410.prv_unmarshal(bytes(private_key))
def generate(self):
prv_raw = urandom(32)
prv = prv_unmarshal(prv_raw)
pub = public_key(curve, prv)
return sk_(prv, pub)
def _test_vector(
self,
curve_name,
mode,
hsh,
ai_spki,
ai_sign,
cert_serial,
prv_hex,
cr_sign_hex,
cr_b64,
c_sign_hex,
c_b64,
crl_sign_hex,
crl_b64,
):
prv_raw = hexdec(prv_hex)[::-1]
prv = prv_unmarshal(prv_raw)
curve = CURVES[curve_name]
pub = public_key(curve, prv)
pub_raw = pub_marshal(pub, mode=mode)
subj = Name(
("rdnSequence",
RDNSequence([
RelativeDistinguishedName((AttributeTypeAndValue((
("type", AttributeType(id_at_commonName)),
("value", AttributeValue(PrintableString("Example"))),
)), ))
])))
spki = SubjectPublicKeyInfo((
("algorithm", ai_spki),
("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
))
# Certification request
cri = CertificationRequestInfo((
("version", Integer(0)),
("subject", subj),
("subjectPKInfo", spki),
("attributes", Attributes()),
))
sign = hexdec(cr_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(cri.encode()).digest()[::-1],
sign,
mode=mode,
))
cr = CertificationRequest((
("certificationRequestInfo", cri),
("signatureAlgorithm", ai_sign),
("signature", BitString(sign)),
))
self.assertSequenceEqual(cr.encode(), b64decode(cr_b64))
# Certificate
tbs = TBSCertificate((
("version", Version("v3")),
("serialNumber", CertificateSerialNumber(cert_serial)),
("signature", ai_sign),
("issuer", subj),
("validity",
Validity((
("notBefore", Time(("utcTime", UTCTime(b"010101000000Z")))),
("notAfter",
Time(("generalTime", GeneralizedTime(b"20501231000000Z")))),
))),
("subject", subj),
("subjectPublicKeyInfo", spki),
("extensions",
Extensions((Extension((
("extnID", id_ce_basicConstraints),
("critical", Boolean(True)),
("extnValue",
OctetString(
BasicConstraints((("cA", Boolean(True)), )).encode())),
)), ))),
))
sign = hexdec(c_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(tbs.encode()).digest()[::-1],
sign,
mode=mode,
))
cert = Certificate((
("tbsCertificate", tbs),
("signatureAlgorithm", ai_sign),
("signatureValue", BitString(sign)),
))
self.assertSequenceEqual(cert.encode(), b64decode(c_b64))
# CRL
tbs = TBSCertList((
("version", Version("v2")),
("signature", ai_sign),
("issuer", subj),
("thisUpdate", Time(("utcTime", UTCTime(b"140101000000Z")))),
("nextUpdate", Time(("utcTime", UTCTime(b"140102000000Z")))),
))
sign = hexdec(crl_sign_hex)
self.assertTrue(
verify(
curve,
pub,
hsh(tbs.encode()).digest()[::-1],
sign,
mode=mode,
))
crl = CertificateList((
("tbsCertList", tbs),
("signatureAlgorithm", ai_sign),
("signatureValue", BitString(sign)),
))
self.assertSequenceEqual(crl.encode(), b64decode(crl_b64))
prv_raw = urandom(64)
print("-----BEGIN PRIVATE KEY-----")
print(
pem(
PrivateKeyInfo((
("version", Integer(0)),
("privateKeyAlgorithm",
PrivateKeyAlgorithmIdentifier((
("algorithm", id_tc26_gost3410_2012_512),
("parameters", Any(key_params)),
))),
("privateKey", PrivateKey(prv_raw)),
))))
print("-----END PRIVATE KEY-----")
prv = prv_unmarshal(prv_raw)
curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
pub_raw = pub_marshal(public_key(curve, prv), mode=2012)
subj = Name(("rdnSequence",
RDNSequence([
RelativeDistinguishedName((AttributeTypeAndValue((
("type", AttributeType(id_at_commonName)),
("value", AttributeValue(PrintableString(argv[1]))),
)), ))
])))
not_before = datetime.utcnow()
not_after = not_before + timedelta(days=365)
ai_sign = AlgorithmIdentifier(
(("algorithm", id_tc26_signwithdigest_gost3410_2012_512), ))
tbs = TBSCertificate((
("version", Version("v3")),