from pygost.asn1schemas.oids import id_at_commonName
from pygost.asn1schemas.oids import id_ce_basicConstraints
from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetA
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetB
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetC
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetD
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetA
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetB
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetC
+from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_256
from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_512
from pygost.asn1schemas.prvkey import PrivateKey
from pygost.asn1schemas.prvkey import PrivateKeyAlgorithmIdentifier
from pygost.gost3410 import pub_marshal
from pygost.gost3410 import public_key
from pygost.gost3410 import sign
+from pygost.gost34112012256 import GOST34112012256
from pygost.gost34112012512 import GOST34112012512
parser = ArgumentParser(description="Self-signed X.509 certificate creator")
required=True,
help="Subject's CommonName",
)
+parser.add_argument(
+ "--ai",
+ required=True,
+ help="Signing algorithm: {256[ABCD],512[ABC]}",
+)
args = parser.parse_args()
+ai = {
+ "256A": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetA,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetA"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "256B": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetB,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetB"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "256C": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetC,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetC"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "256D": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetD,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetD"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "512A": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetA,
+ "key_algorithm": id_tc26_gost3410_2012_512,
+ "prv_len": 64,
+ "curve": CURVES["id-tc26-gost-3410-12-512-paramSetA"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+ "hasher": GOST34112012512,
+ },
+ "512B": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetB,
+ "key_algorithm": id_tc26_gost3410_2012_512,
+ "prv_len": 64,
+ "curve": CURVES["id-tc26-gost-3410-12-512-paramSetB"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+ "hasher": GOST34112012512,
+ },
+ "512C": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetC,
+ "key_algorithm": id_tc26_gost3410_2012_512,
+ "prv_len": 64,
+ "curve": CURVES["id-tc26-gost-3410-2012-512-paramSetC"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+ "hasher": GOST34112012512,
+ },
+}[args.ai]
def pem(obj):
key_params = GostR34102012PublicKeyParameters((
- ("publicKeyParamSet", id_tc26_gost3410_2012_512_paramSetA),
+ ("publicKeyParamSet", ai["publicKeyParamSet"]),
))
-prv_raw = urandom(64)
+prv_raw = urandom(ai["prv_len"])
print("-----BEGIN PRIVATE KEY-----")
print(pem(PrivateKeyInfo((
("version", Integer(0)),
("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
- ("algorithm", id_tc26_gost3410_2012_512),
+ ("algorithm", ai["key_algorithm"]),
("parameters", Any(key_params)),
))),
("privateKey", PrivateKey(prv_raw)),
print("-----END PRIVATE KEY-----")
prv = prv_unmarshal(prv_raw)
-curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
+curve = ai["curve"]
pub_raw = pub_marshal(public_key(curve, prv))
subj = Name(("rdnSequence", RDNSequence([
RelativeDistinguishedName((
not_before = datetime.utcnow()
not_after = not_before + timedelta(days=365)
ai_sign = AlgorithmIdentifier((
- ("algorithm", id_tc26_signwithdigest_gost3410_2012_512),
+ ("algorithm", ai["sign_algorithm"],),
))
exts = [
Extension((
("extnID", id_ce_subjectKeyIdentifier),
("extnValue", OctetString(
- SubjectKeyIdentifier(GOST34112012512(pub_raw).digest()[:20]).encode()
+ SubjectKeyIdentifier(GOST34112012256(pub_raw).digest()[:20]).encode()
)),
)),
]
("subject", subj),
("subjectPublicKeyInfo", SubjectPublicKeyInfo((
("algorithm", AlgorithmIdentifier((
- ("algorithm", id_tc26_gost3410_2012_512),
+ ("algorithm", ai["key_algorithm"]),
("parameters", Any(key_params)),
))),
("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
("signatureValue", BitString(sign(
curve,
prv,
- GOST34112012512(tbs.encode()).digest()[::-1],
+ ai["hasher"](tbs.encode()).digest()[::-1],
))),
))
print("-----BEGIN CERTIFICATE-----")