From a437d8a8926c56c3673dfe6af4bb2c48763e3d9a Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Fri, 15 Jan 2021 17:13:11 +0300
Subject: [PATCH] Ability to create certificate examples with various curves
---
 pygost/asn1schemas/cert-selfsigned-example.py | 88 +++++++++++++++++--
 1 file changed, 80 insertions(+), 8 deletions(-)
diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py
index 198ce2f..8c589c2 100644
--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -19,8 +19,16 @@ from pyderasn import UTCTime
 from pygost.asn1schemas.oids import id_at_commonName
 from pygost.asn1schemas.oids import id_ce_basicConstraints
 from pygost.asn1schemas.oids import id_ce_subjectKeyIdentifier
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetA
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetB
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetC
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256_paramSetD
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetA
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetB
+from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512_paramSetC
+from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_256
 from pygost.asn1schemas.oids import id_tc26_signwithdigest_gost3410_2012_512
 from pygost.asn1schemas.prvkey import PrivateKey
 from pygost.asn1schemas.prvkey import PrivateKeyAlgorithmIdentifier
@@ -49,6 +57,7 @@ from pygost.gost3410 import prv_unmarshal
 from pygost.gost3410 import pub_marshal
 from pygost.gost3410 import public_key
 from pygost.gost3410 import sign
+from pygost.gost34112012256 import GOST34112012256
 from pygost.gost34112012512 import GOST34112012512
 parser = ArgumentParser(description="Self-signed X.509 certificate creator")
@@ -62,7 +71,70 @@ parser.add_argument(
 required=True,
 help="Subject's CommonName",
 )
+parser.add_argument(
+ "--ai",
+ required=True,
+ help="Signing algorithm: {256[ABCD],512[ABC]}",
+)
 args = parser.parse_args()
+ai = {
+ "256A": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetA,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetA"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "256B": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetB,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetB"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "256C": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetC,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetC"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "256D": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_256_paramSetD,
+ "key_algorithm": id_tc26_gost3410_2012_256,
+ "prv_len": 32,
+ "curve": CURVES["id-tc26-gost-3410-2012-256-paramSetD"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_256,
+ "hasher": GOST34112012256,
+ },
+ "512A": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetA,
+ "key_algorithm": id_tc26_gost3410_2012_512,
+ "prv_len": 64,
+ "curve": CURVES["id-tc26-gost-3410-12-512-paramSetA"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+ "hasher": GOST34112012512,
+ },
+ "512B": {
+ "publicKeyParamSet": id_tc26_gost3410_2012_512_paramSetB,
+ "key_algorithm": id_tc26_gost3410_2012_512,
+ "prv_len": 64,
+ "curve": CURVES["id-tc26-gost-3410-12-512-paramSetB"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+ "hasher": GOST34112012512,
+ },
+ "512C": {
+ "publicKeyParamSet": 
id_tc26_gost3410_2012_512_paramSetC,
+ "key_algorithm": id_tc26_gost3410_2012_512,
+ "prv_len": 64,
+ "curve": CURVES["id-tc26-gost-3410-2012-512-paramSetC"],
+ "sign_algorithm": id_tc26_signwithdigest_gost3410_2012_512,
+ "hasher": GOST34112012512,
+ },
+}[args.ai]
 def pem(obj):
@@ -70,15 +142,15 @@ def pem(obj):
 key_params = GostR34102012PublicKeyParameters((
- ("publicKeyParamSet", id_tc26_gost3410_2012_512_paramSetA),
+ ("publicKeyParamSet", ai["publicKeyParamSet"]),
 ))
-prv_raw = urandom(64)
+prv_raw = urandom(ai["prv_len"])
 print("-----BEGIN PRIVATE KEY-----")
 print(pem(PrivateKeyInfo((
 ("version", Integer(0)),
 ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
- ("algorithm", id_tc26_gost3410_2012_512),
+ ("algorithm", ai["key_algorithm"]),
 ("parameters", Any(key_params)),
 ))),
 ("privateKey", PrivateKey(prv_raw)),
@@ -86,7 +158,7 @@ print(pem(PrivateKeyInfo((
 print("-----END PRIVATE KEY-----")
 prv = prv_unmarshal(prv_raw)
-curve = CURVES["id-tc26-gost-3410-12-512-paramSetA"]
+curve = ai["curve"]
 pub_raw = pub_marshal(public_key(curve, prv))
 subj = Name(("rdnSequence", RDNSequence([
 RelativeDistinguishedName((
@@ -99,13 +171,13 @@ subj = Name(("rdnSequence", RDNSequence([
 not_before = datetime.utcnow()
 not_after = not_before + timedelta(days=365)
 ai_sign = AlgorithmIdentifier((
- ("algorithm", id_tc26_signwithdigest_gost3410_2012_512),
+ ("algorithm", ai["sign_algorithm"],),
 ))
 exts = [
 Extension((
 ("extnID", id_ce_subjectKeyIdentifier),
 ("extnValue", OctetString(
- SubjectKeyIdentifier(GOST34112012512(pub_raw).digest()[:20]).encode()
+ SubjectKeyIdentifier(GOST34112012256(pub_raw).digest()[:20]).encode()
 )),
 )),
 ]
@@ -126,7 +198,7 @@ tbs = TBSCertificate((
 ("subject", subj),
 ("subjectPublicKeyInfo", SubjectPublicKeyInfo((
 ("algorithm", AlgorithmIdentifier((
- ("algorithm", id_tc26_gost3410_2012_512),
+ ("algorithm", ai["key_algorithm"]),
 ("parameters", Any(key_params)),
 ))),
 ("subjectPublicKey", BitString(OctetString(pub_raw).encode())),
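Review bot: In the `@@ -62,7 +71,70 @@` hunk an unsupported `--ai` value is only caught by the `}[args.ai]` subscript, so the user gets a bare `KeyError` traceback instead of a usage message. Declaring the accepted values on the argument, `choices=("256A", "256B", "256C", "256D", "512A", "512B", "512C"),`, lets argparse reject the value before the table is indexed and keeps the help text in step with the table. The name `ai` is also bound straight to the selected entry, which reads oddly next to `ai_sign` further down; a short comment saying that `ai` is the chosen algorithm profile would help.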
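Review bot: In the `@@ -70,15 +142,15 @@` hunk, `prv_raw = urandom(ai["prv_len"])` is placed into `PrivateKeyInfo` as-is, with no check that the integer it encodes lies in [1, q-1] for the selected curve. The subgroup orders of the seven parameter sets are not visible in this diff; if any of them is noticeably smaller than 2^(8*prv_len), the script would regularly emit an out-of-range private key that stricter parsers may reject. Assuming the curve object exposes its order as `q`, resampling keeps the emitted key canonical: `while not 0 < prv_unmarshal(prv_raw) < ai["curve"].q: prv_raw = urandom(ai["prv_len"])`. A comment noting that the key is printed unencrypted to stdout, and so is meant for test fixtures only, would also be useful here.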
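Review bot: In the `@@ -99,13 +171,13 @@` hunk the SubjectKeyIdentifier is now computed with `GOST34112012256` for every `--ai` choice, while the signature in the last hunk uses `ai["hasher"]`, and without a comment the fixed hash reads like a missed substitution. The identifier is only a 20-byte truncation used to label the key, so a fixed hash is reasonable, but it should be stated, for example `# SKI is a key label, not a signature input: always Streebog-256, truncated to 20 bytes`. The stray comma in `("algorithm", ai["sign_algorithm"],),` can be dropped while touching this line.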
@@ -139,7 +211,7 @@ cert = Certificate((
 ("signatureValue", BitString(sign(
 curve,
 prv,
- GOST34112012512(tbs.encode()).digest()[::-1],
+ ai["hasher"](tbs.encode()).digest()[::-1],
 ))),
 ))
 print("-----BEGIN CERTIFICATE-----")
--
2.44.0