pygost/test_x509.py

   1 # coding: utf-8
   2 # PyGOST -- Pure Python GOST cryptographic functions library
   3 # Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
   4 #
   5 # This program is free software: you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation, either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 from base64 import b64decode
  19 from unittest import skipIf
  20 from unittest import TestCase
  21
  22 from pygost.gost3410 import CURVE_PARAMS
  23 from pygost.gost3410 import GOST3410Curve
  24 from pygost.gost3410 import prv_unmarshal
  25 from pygost.gost3410 import pub_unmarshal
  26 from pygost.gost3410 import public_key
  27 from pygost.gost3410 import verify
  28 from pygost.gost34112012256 import GOST34112012256
  29 from pygost.gost34112012512 import GOST34112012512
  30 from pygost.utils import hexdec
  31
  32 try:
  33     from pyderasn import OctetString
  34
  35     from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
  36     from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
  37     from pygost.asn1schemas.x509 import Certificate
  38 except ImportError:
  39     pyderasn_exists = False
  40 else:
  41     pyderasn_exists = True
  42
  43
  44 @skipIf(not pyderasn_exists, "PyDERASN dependency is required")
  45 class TestCertificate(TestCase):
  46     """Certificate test vectors from "Использования алгоритмов ГОСТ Р
  47     34.10, ГОСТ Р 34.11 в профиле сертификата и списке отзыва
  48     сертификатов (CRL) инфраструктуры открытых ключей X.509"
  49     (TK26IOK.pdf)
  50     """
  51
  52     def process_cert(self, curve_name, mode, hasher, prv_key_raw, cert_raw):
  53         cert, tail = Certificate().decode(cert_raw, ctx={
  54             "defines_by_path": (
  55                 (
  56                     (
  57                         "tbsCertificate",
  58                         "subjectPublicKeyInfo",
  59                         "algorithm",
  60                         "algorithm",
  61                     ),
  62                     (
  63                         (
  64                             ("..", "subjectPublicKey"),
  65                             {
  66                                 id_tc26_gost3410_2012_256: OctetString(),
  67                                 id_tc26_gost3410_2012_512: OctetString(),
  68                             },
  69                         ),
  70                     ),
  71                 ),
  72             ),
  73         })
  74         self.assertSequenceEqual(tail, b"")
  75         curve = GOST3410Curve(*CURVE_PARAMS[curve_name])
  76         prv_key = prv_unmarshal(prv_key_raw)
  77         spk = cert["tbsCertificate"]["subjectPublicKeyInfo"]["subjectPublicKey"]
  78         self.assertIsNotNone(spk.defined)
  79         _, pub_key_raw = spk.defined
  80         pub_key = pub_unmarshal(bytes(pub_key_raw), mode=mode)
  81         self.assertSequenceEqual(pub_key, public_key(curve, prv_key))
  82         self.assertTrue(verify(
  83             curve,
  84             pub_key,
  85             hasher(cert["tbsCertificate"].encode()).digest()[::-1],
  86             bytes(cert["signatureValue"]),
  87             mode=mode,
  88         ))
  89
  90     def test_256(self):
  91         cert_raw = b64decode("""
  92 MIICYjCCAg+gAwIBAgIBATAKBggqhQMHAQEDAjBWMSkwJwYJKoZIhvcNAQkBFhpH
  93 b3N0UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR29zdFIzNDEwLTIw
  94 MTIgKDI1NiBiaXQpIGV4YW1wbGUwHhcNMTMxMTA1MTQwMjM3WhcNMzAxMTAxMTQw
  95 MjM3WjBWMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAxMkBleGFtcGxlLmNv
  96 bTEpMCcGA1UEAxMgR29zdFIzNDEwLTIwMTIgKDI1NiBiaXQpIGV4YW1wbGUwZjAf
  97 BggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARAut/Qw1MUq9KPqkdH
  98 C2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4vF0mFmr9nfRwMYP4o0Pg1mOn5Rl
  99 aXNYraOBwDCBvTAdBgNVHQ4EFgQU1fIeN1HaPbw+XWUzbkJ+kHJUT0AwCwYDVR0P
 100 BAQDAgHGMA8GA1UdEwQIMAYBAf8CAQEwfgYDVR0BBHcwdYAU1fIeN1HaPbw+XWUz
 101 bkJ+kHJUT0ChWqRYMFYxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDEyQGV4
 102 YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0MTAtMjAxMiAoMjU2IGJpdCkgZXhh
 103 bXBsZYIBATAKBggqhQMHAQEDAgNBAF5bm4BbARR6hJLEoWJkOsYV3Hd7kXQQjz3C
 104 dqQfmHrz6TI6Xojdh/t8ckODv/587NS5/6KsM77vc6Wh90NAT2s=
 105         """)
 106         prv_key_raw = hexdec("BFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924")[::-1]
 107         self.process_cert(
 108             "GostR3410_2001_CryptoPro_XchA_ParamSet",
 109             2001,
 110             GOST34112012256,
 111             prv_key_raw,
 112             cert_raw,
 113         )
 114
 115     def test_512(self):
 116         cert_raw = b64decode("""
 117 MIIC6DCCAlSgAwIBAgIBATAKBggqhQMHAQEDAzBWMSkwJwYJKoZIhvcNAQkBFhpH
 118 b3N0UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR29zdFIzNDEwLTIw
 119 MTIgKDUxMiBiaXQpIGV4YW1wbGUwHhcNMTMxMDA0MDczNjA0WhcNMzAxMDAxMDcz
 120 NjA0WjBWMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAxMkBleGFtcGxlLmNv
 121 bTEpMCcGA1UEAxMgR29zdFIzNDEwLTIwMTIgKDUxMiBiaXQpIGV4YW1wbGUwgaow
 122 IQYIKoUDBwEBAQIwFQYJKoUDBwECAQICBggqhQMHAQECAwOBhAAEgYATGQ9VCiM5
 123 FRGCQ8MEz2F1dANqhaEuywa8CbxOnTvaGJpFQVXQwkwvLFAKh7hk542vOEtxpKtT
 124 CXfGf84nRhMH/Q9bZeAc2eO/yhxrsQhTBufa1Fuou2oe/jUOaG6RAtUUvRzhNTpp
 125 RGGl1+EIY2vzzUua9j9Ol/gAoy/LNKQIfqOBwDCBvTAdBgNVHQ4EFgQUPcbTRXJZ
 126 nHtjj+eBP7b5lcTMekIwCwYDVR0PBAQDAgHGMA8GA1UdEwQIMAYBAf8CAQEwfgYD
 127 VR0BBHcwdYAUPcbTRXJZnHtjj+eBP7b5lcTMekKhWqRYMFYxKTAnBgkqhkiG9w0B
 128 CQEWGkdvc3RSMzQxMC0yMDEyQGV4YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0
 129 MTAtMjAxMiAoNTEyIGJpdCkgZXhhbXBsZYIBATAKBggqhQMHAQEDAwOBgQBObS7o
 130 ppPTXzHyVR1DtPa8b57nudJzI4czhsfeX5HDntOq45t9B/qSs8dC6eGxbhHZ9zCO
 131 SFtxWYdmg0au8XI9Xb8vTC1qdwWID7FFjMWDNQZb6lYh/J+8F2xKylvB5nIlRZqO
 132 o3eUNFkNyHJwQCk2WoOlO16zwGk2tdKH4KmD5w==
 133         """)
 134         prv_key_raw = hexdec("3FC01CDCD4EC5F972EB482774C41E66DB7F380528DFE9E67992BA05AEE462435757530E641077CE587B976C8EEB48C48FD33FD175F0C7DE6A44E014E6BCB074B")[::-1]
 135         self.process_cert(
 136             "GostR3410_2012_TC26_ParamSetB",
 137             2012,
 138             GOST34112012512,
 139             prv_key_raw,
 140             cert_raw,
 141         )