Ability to create certificate examples with various curves

author Sergey Matveev <stargrave@stargrave.org>

Fri, 15 Jan 2021 14:13:11 +0000 (17:13 +0300)

committer Sergey Matveev <stargrave@stargrave.org>

Fri, 15 Jan 2021 14:13:11 +0000 (17:13 +0300)
author Sergey Matveev <stargrave@stargrave.org>
Fri, 15 Jan 2021 14:13:11 +0000 (17:13 +0300)
committer Sergey Matveev <stargrave@stargrave.org>
Fri, 15 Jan 2021 14:13:11 +0000 (17:13 +0300)
diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py

index 198ce2f6ca426926bb750b06fb47e4b430509e77..8c589c2a22f273dec7355b9b8ec2b6d567b42fdc 100644 (file)
--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -19,8 +19,16 @@ from pyderasn import UTCTime
  from pygost.asn1schemas.oids import id_at_commonName
  from pygost.asn1schemas.oids import id_ce_basicConstraints
  from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
  from pygost.asn1schemas.oids import id_at_commonName
  from pygost.asn1schemas.oids import id_ce_basicConstraints
  from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetA
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetB
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetC
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetD
  from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
  from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetA
  from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
  from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetA
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetB
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetC
+from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_256
  from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_512
  from pygost.asn1schemas.prvkey import PrivateKey
  from pygost.asn1schemas.prvkey import PrivateKeyAlgorithmIdentifier
  from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_512
  from pygost.asn1schemas.prvkey import PrivateKey
  from pygost.asn1schemas.prvkey import PrivateKeyAlgorithmIdentifier
@@ -49,6 +57,7 @@ from pygost.gost3410 import prv_unmarshal
  from pygost.gost3410 import pub_marshal
  from pygost.gost3410 import public_key
  from pygost.gost3410 import sign
  from pygost.gost3410 import pub_marshal
  from pygost.gost3410 import public_key
  from pygost.gost3410 import sign
+from pygost.gost34112012256 import GOST34112012256
  from pygost.gost34112012512 import GOST34112012512
  
  parser = ArgumentParser(description="Self-signed X.509 certificate creator")
  from pygost.gost34112012512 import GOST34112012512
  
  parser = ArgumentParser(description="Self-signed X.509 certificate creator")
@@ -62,7 +71,70 @@ parser.add_argument(
      required=True,
      help="Subject's CommonName",
  )
      required=True,
      help="Subject's CommonName",
  )
+parser.add_argument(
+    "--ai",
+    required=True,
+    help="Signing algorithm: {256[ABCD],512[ABC]}",
+)
  args = parser.parse_args()
  args = parser.parse_args()
+ai = {
+    "256A": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetA,
+        "key_algorithm": id_tc26_gost3410_2012_256,
+        "prv_len": 32,
+        "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetA"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+        "hasher": GOST34112012256,
+    },
+    "256B": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetB,
+        "key_algorithm": id_tc26_gost3410_2012_256,
+        "prv_len": 32,
+        "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetB"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+        "hasher": GOST34112012256,
+    },
+    "256C": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetC,
+        "key_algorithm": id_tc26_gost3410_2012_256,
+        "prv_len": 32,
+        "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetC"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+        "hasher": GOST34112012256,
+    },
+    "256D": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetD,
+        "key_algorithm": id_tc26_gost3410_2012_256,
+        "prv_len": 32,
+        "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetD"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+        "hasher": GOST34112012256,
+    },
+    "512A": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetA,
+        "key_algorithm": id_tc26_gost3410_2012_512,
+        "prv_len": 64,
+        "curve": CURVES["id-tc26-gost-3410-12-512-paramSetA"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+        "hasher": GOST34112012512,
+    },
+    "512B": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetB,
+        "key_algorithm": id_tc26_gost3410_2012_512,
+        "prv_len": 64,
+        "curve": CURVES["id-tc26-gost-3410-12-512-paramSetB"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+        "hasher": GOST34112012512,
+    },
+    "512C": {
+        "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetC,
+        "key_algorithm": id_tc26_gost3410_2012_512,
+        "prv_len": 64,
+        "curve": CURVES["id-tc26-gost-3410-2012-512-paramSetC"],
+        "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+        "hasher": GOST34112012512,
+    },
+}[args.ai]
  
  
  def pem(obj):
  
  
  def pem(obj):
@@ -70,15 +142,15 @@ def pem(obj):
  
  
  key_params = GostR34102012PublicKeyParameters((
  
  
  key_params = GostR34102012PublicKeyParameters((
-    ("publicKeyParamSet", id_tc26_gost3410_2012_512_paramSetA),
+    ("publicKeyParamSet", ai["publicKeyParamSet"]),
  ))
  
  ))
  
-prv_raw = urandom(64)
+prv_raw = urandom(ai["prv_len"])
  print("-----BEGIN PRIVATE KEY-----")
  print(pem(PrivateKeyInfo((
      ("version", Integer(0)),
      ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
  print("-----BEGIN PRIVATE KEY-----")
  print(pem(PrivateKeyInfo((
      ("version", Integer(0)),
      ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
-        ("algorithm", id_tc26_gost3410_2012_512),
+        ("algorithm", ai["key_algorithm"]),
          ("parameters", Any(key_params)),
      ))),
      ("privateKey", PrivateKey(prv_raw)),
          ("parameters", Any(key_params)),
      ))),
      ("privateKey", PrivateKey(prv_raw)),
@@ -86,7 +158,7 @@ print(pem(PrivateKeyInfo((
  print("-----END PRIVATE KEY-----")
  
  prv = prv_unmarshal(prv_raw)
  print("-----END PRIVATE KEY-----")
  
  prv = prv_unmarshal(prv_raw)
-curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
+curve = ai["curve"]
  pub_raw = pub_marshal(public_key(curve, prv))
  subj = Name(("rdnSequence", RDNSequence([
      RelativeDistinguishedName((
  pub_raw = pub_marshal(public_key(curve, prv))
  subj = Name(("rdnSequence", RDNSequence([
      RelativeDistinguishedName((
@@ -99,13 +171,13 @@ subj = Name(("rdnSequence", RDNSequence([
  not_before = datetime.utcnow()
  not_after = not_before + timedelta(days=365)
  ai_sign = AlgorithmIdentifier((
  not_before = datetime.utcnow()
  not_after = not_before + timedelta(days=365)
  ai_sign = AlgorithmIdentifier((
-    ("algorithm", id_tc26_signwithdigest_gost3410_2012_512),
+    ("algorithm", ai["sign_algorithm"],),
  ))
  exts = [
      Extension((
          ("extnID", id_ce_subjectKeyIdentifier),
          ("extnValue", OctetString(
  ))
  exts = [
      Extension((
          ("extnID", id_ce_subjectKeyIdentifier),
          ("extnValue", OctetString(
-            SubjectKeyIdentifier(GOST34112012512(pub_raw).digest()[:20]).encode()
+            SubjectKeyIdentifier(GOST34112012256(pub_raw).digest()[:20]).encode()
          )),
      )),
  ]
          )),
      )),
  ]
@@ -126,7 +198,7 @@ tbs = TBSCertificate((
      ("subject", subj),
      ("subjectPublicKeyInfo", SubjectPublicKeyInfo((
          ("algorithm", AlgorithmIdentifier((
      ("subject", subj),
      ("subjectPublicKeyInfo", SubjectPublicKeyInfo((
          ("algorithm", AlgorithmIdentifier((
-            ("algorithm", id_tc26_gost3410_2012_512),
+            ("algorithm", ai["key_algorithm"]),
              ("parameters", Any(key_params)),
          ))),
          ("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
              ("parameters", Any(key_params)),
          ))),
          ("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
@@ -139,7 +211,7 @@ cert = Certificate((
      ("signatureValue", BitString(sign(
          curve,
          prv,
      ("signatureValue", BitString(sign(
          curve,
          prv,
-        GOST34112012512(tbs.encode()).digest()[::-1],
+        ai["hasher"](tbs.encode()).digest()[::-1],
      ))),
  ))
  print("-----BEGIN CERTIFICATE-----")
      ))),
  ))
  print("-----BEGIN CERTIFICATE-----")
author	Sergey Matveev <stargrave@stargrave.org>
	Fri, 15 Jan 2021 14:13:11 +0000 (17:13 +0300)
committer	Sergey Matveev <stargrave@stargrave.org>
	Fri, 15 Jan 2021 14:13:11 +0000 (17:13 +0300)