X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=pygost%2Fasn1schemas%2Fcert-selfsigned-example.py;h=3a0a64a29a916168f9a0e989237d41596105df37;hb=5008cf14ea046aa2e20dde93b9843fcf8f3e2e3e;hp=198ce2f6ca426926bb750b06fb47e4b430509e77;hpb=87e57c36c455cabde82f7cad027bfb89251681f5;p=pygost.git diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py index 198ce2f..3a0a64a 100644 --- a/pygost/asn1schemas/cert-selfsigned-example.py +++ b/pygost/asn1schemas/cert-selfsigned-example.py @@ -11,6 +11,7 @@ from textwrap import fill from pyderasn import Any from pyderasn import BitString from pyderasn import Boolean +from pyderasn import IA5String from pyderasn import Integer from pyderasn import OctetString from pyderasn import PrintableString @@ -18,9 +19,18 @@ from pyderasn import UTCTime from pygost.asn1schemas.oids import id_at_commonName from pygost.asn1schemas.oids import id_ce_basicConstraints +from pygost.asn1schemas.oids import id_ce_subjectAltName from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256 +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetA +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetB +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetC +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetD from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetA +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetB +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetC +from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_256 from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_512 from pygost.asn1schemas.prvkey import PrivateKey from pygost.asn1schemas.prvkey import PrivateKeyAlgorithmIdentifier @@ -34,10 +44,12 @@ from pygost.asn1schemas.x509 import Certificate from pygost.asn1schemas.x509 import CertificateSerialNumber from pygost.asn1schemas.x509 import Extension from pygost.asn1schemas.x509 import Extensions +from pygost.asn1schemas.x509 import GeneralName from pygost.asn1schemas.x509 import GostR34102012PublicKeyParameters from pygost.asn1schemas.x509 import Name from pygost.asn1schemas.x509 import RDNSequence from pygost.asn1schemas.x509 import RelativeDistinguishedName +from pygost.asn1schemas.x509 import SubjectAltName from pygost.asn1schemas.x509 import SubjectKeyIdentifier from pygost.asn1schemas.x509 import SubjectPublicKeyInfo from pygost.asn1schemas.x509 import TBSCertificate @@ -49,6 +61,7 @@ from pygost.gost3410 import prv_unmarshal from pygost.gost3410 import pub_marshal from pygost.gost3410 import public_key from pygost.gost3410 import sign +from pygost.gost34112012256 import GOST34112012256 from pygost.gost34112012512 import GOST34112012512 parser = ArgumentParser(description="Self-signed X.509 certificate creator") @@ -62,7 +75,70 @@ parser.add_argument( required=True, help="Subject's CommonName", ) +parser.add_argument( + "--ai", + required=True, + help="Signing algorithm: {256[ABCD],512[ABC]}", +) args = parser.parse_args() +ai = { + "256A": { + "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetA, + "key_algorithm": id_tc26_gost3410_2012_256, + "prv_len": 32, + "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetA"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256, + "hasher": GOST34112012256, + }, + "256B": { + "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetB, + "key_algorithm": id_tc26_gost3410_2012_256, + "prv_len": 32, + "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetB"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256, + "hasher": GOST34112012256, + }, + "256C": { + "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetC, + "key_algorithm": id_tc26_gost3410_2012_256, + "prv_len": 32, + "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetC"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256, + "hasher": GOST34112012256, + }, + "256D": { + "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetD, + "key_algorithm": id_tc26_gost3410_2012_256, + "prv_len": 32, + "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetD"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256, + "hasher": GOST34112012256, + }, + "512A": { + "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetA, + "key_algorithm": id_tc26_gost3410_2012_512, + "prv_len": 64, + "curve": CURVES["id-tc26-gost-3410-12-512-paramSetA"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512, + "hasher": GOST34112012512, + }, + "512B": { + "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetB, + "key_algorithm": id_tc26_gost3410_2012_512, + "prv_len": 64, + "curve": CURVES["id-tc26-gost-3410-12-512-paramSetB"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512, + "hasher": GOST34112012512, + }, + "512C": { + "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetC, + "key_algorithm": id_tc26_gost3410_2012_512, + "prv_len": 64, + "curve": CURVES["id-tc26-gost-3410-2012-512-paramSetC"], + "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512, + "hasher": GOST34112012512, + }, +}[args.ai] def pem(obj): @@ -70,23 +146,23 @@ def pem(obj): key_params = GostR34102012PublicKeyParameters(( - ("publicKeyParamSet", id_tc26_gost3410_2012_512_paramSetA), + ("publicKeyParamSet", ai["publicKeyParamSet"]), )) -prv_raw = urandom(64) +prv_raw = urandom(ai["prv_len"]) print("-----BEGIN PRIVATE KEY-----") print(pem(PrivateKeyInfo(( ("version", Integer(0)), ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier(( - ("algorithm", id_tc26_gost3410_2012_512), + ("algorithm", ai["key_algorithm"]), ("parameters", Any(key_params)), ))), - ("privateKey", PrivateKey(prv_raw)), + ("privateKey", PrivateKey(OctetString(prv_raw).encode())), )))) print("-----END PRIVATE KEY-----") prv = prv_unmarshal(prv_raw) -curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"] +curve = ai["curve"] pub_raw = pub_marshal(public_key(curve, prv)) subj = Name(("rdnSequence", RDNSequence([ RelativeDistinguishedName(( @@ -99,13 +175,21 @@ subj = Name(("rdnSequence", RDNSequence([ not_before = datetime.utcnow() not_after = not_before + timedelta(days=365) ai_sign = AlgorithmIdentifier(( - ("algorithm", id_tc26_signwithdigest_gost3410_2012_512), + ("algorithm", ai["sign_algorithm"],), )) exts = [ Extension(( ("extnID", id_ce_subjectKeyIdentifier), ("extnValue", OctetString( - SubjectKeyIdentifier(GOST34112012512(pub_raw).digest()[:20]).encode() + SubjectKeyIdentifier(GOST34112012256(pub_raw).digest()[:20]).encode() + )), + )), + Extension(( + ("extnID", id_ce_subjectAltName), + ("extnValue", OctetString( + SubjectAltName(( + GeneralName(("dNSName", IA5String(args.cn))), + )).encode() )), )), ] @@ -126,7 +210,7 @@ tbs = TBSCertificate(( ("subject", subj), ("subjectPublicKeyInfo", SubjectPublicKeyInfo(( ("algorithm", AlgorithmIdentifier(( - ("algorithm", id_tc26_gost3410_2012_512), + ("algorithm", ai["key_algorithm"]), ("parameters", Any(key_params)), ))), ("subjectPublicKey", BitString(OctetString(pub_raw).encode())), @@ -139,7 +223,7 @@ cert = Certificate(( ("signatureValue", BitString(sign( curve, prv, - GOST34112012512(tbs.encode()).digest()[::-1], + ai["hasher"](tbs.encode()).digest()[::-1], ))), )) print("-----BEGIN CERTIFICATE-----")