Add support for RFC 4357, RFC 4490, and RFC 4491 (#122)

author: Russ Housley <housley@vigilsec.com> 2019-12-09 16:21:35 -0500
committer: Ilya Etingof <etingof@gmail.com> 2019-12-09 22:21:35 +0100
commit: 82639c183bb56d6acb2390a54b60c0a94ce92a2c (patch)
tree: ee504e95b1d60b05691a4c32fe3c4746e5d09ace
parent: 85e354140c6ffa5892f38eec34918fdcc4b4c977 (diff)
download: pyasn1-modules-82639c183bb56d6acb2390a54b60c0a94ce92a2c.tar.gz
8 files changed, 1321 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 49f3ade..718dac4 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -21,6 +21,12 @@ Revision 0.3.0, released XX-11-2019
 - Add RFC3058 providing IDEA Encryption Algorithm for CMS 
 - Add RFC3657 providing Camellia Encryption Algorithm for CMS 
 - Add RFC4010 providing SEED Encryption Algorithm for CMS 
+- Add RFC4357 providing Additional Cryptographic Algorithms for Use with
+  GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
+- Add RFC4490 providing GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94,
+  and GOST R 34.10-2001 Algorithms for CMS 
+- Add RFC4491 providing GOST R 34.10-94, GOST R 34.10-2001, and
+  GOST R 34.11-94 Algorithms for certificates and CRLs
 
 Revision 0.2.8, released 16-11-2019
 -----------------------------------
diff --git a/pyasn1_modules/rfc4357.py b/pyasn1_modules/rfc4357.py
new file mode 100644
index 0000000..42b9e3e
--- /dev/null
+++ b/pyasn1_modules/rfc4357.py
@@ -0,0 +1,477 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Additional Cryptographic Algorithms for Use with GOST 28147-89,
+# GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4357.txt
+# https://www.rfc-editor.org/errata/eid5927
+# https://www.rfc-editor.org/errata/eid5928
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+# Import from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Object Identifiers
+
+id_CryptoPro = univ.ObjectIdentifier((1, 2, 643, 2, 2,))
+
+
+id_CryptoPro_modules = id_CryptoPro + (1, 1,)
+
+id_CryptoPro_extensions = id_CryptoPro + (34,)
+
+id_CryptoPro_policyIds = id_CryptoPro + (38,)
+
+id_CryptoPro_policyQt = id_CryptoPro + (39,)
+
+
+cryptographic_Gost_Useful_Definitions = id_CryptoPro_modules + (0, 1,)
+
+gostR3411_94_DigestSyntax = id_CryptoPro_modules + (1, 1,)
+
+gostR3410_94_PKISyntax = id_CryptoPro_modules + (2, 1,)
+
+gostR3410_94_SignatureSyntax = id_CryptoPro_modules + (3, 1,)
+
+gost28147_89_EncryptionSyntax = id_CryptoPro_modules + (4, 1,)
+
+gostR3410_EncryptionSyntax = id_CryptoPro_modules + (5, 2,)
+
+gost28147_89_ParamSetSyntax = id_CryptoPro_modules + (6, 1,)
+
+gostR3411_94_ParamSetSyntax = id_CryptoPro_modules + (7, 1,)
+
+gostR3410_94_ParamSetSyntax = id_CryptoPro_modules + (8, 1, 1)
+
+gostR3410_2001_PKISyntax = id_CryptoPro_modules + (9, 1,)
+
+gostR3410_2001_SignatureSyntax = id_CryptoPro_modules + (10, 1,)
+
+gostR3410_2001_ParamSetSyntax = id_CryptoPro_modules + (12, 1,)
+
+gost_CryptoPro_ExtendedKeyUsage = id_CryptoPro_modules + (13, 1,)
+
+gost_CryptoPro_PrivateKey = id_CryptoPro_modules + (14, 1,)
+
+gost_CryptoPro_PKIXCMP = id_CryptoPro_modules + (15, 1,)
+
+gost_CryptoPro_TLS = id_CryptoPro_modules + (16, 1,)
+
+gost_CryptoPro_Policy = id_CryptoPro_modules + (17, 1,)
+
+gost_CryptoPro_Constants = id_CryptoPro_modules + (18, 1,)
+
+
+id_CryptoPro_algorithms = id_CryptoPro
+
+id_GostR3411_94_with_GostR3410_2001 = id_CryptoPro_algorithms + (3,)
+
+id_GostR3411_94_with_GostR3410_94 = id_CryptoPro_algorithms + (4,)
+
+id_GostR3411_94 = id_CryptoPro_algorithms + (9,)
+
+id_Gost28147_89_None_KeyMeshing = id_CryptoPro_algorithms + (14, 0,)
+
+id_Gost28147_89_CryptoPro_KeyMeshing = id_CryptoPro_algorithms + (14, 1,)
+
+id_GostR3410_2001 = id_CryptoPro_algorithms + (19,)
+
+id_GostR3410_94 = id_CryptoPro_algorithms + (20,)
+
+id_Gost28147_89 = id_CryptoPro_algorithms + (21,)
+
+id_Gost28147_89_MAC = id_CryptoPro_algorithms + (22,)
+
+id_CryptoPro_hashes = id_CryptoPro_algorithms + (30,)
+
+id_CryptoPro_encrypts = id_CryptoPro_algorithms + (31,)
+
+id_CryptoPro_signs = id_CryptoPro_algorithms + (32,)
+
+id_CryptoPro_exchanges = id_CryptoPro_algorithms + (33,)
+
+id_CryptoPro_ecc_signs = id_CryptoPro_algorithms + (35,)
+
+id_CryptoPro_ecc_exchanges = id_CryptoPro_algorithms + (36,)
+
+id_CryptoPro_private_keys = id_CryptoPro_algorithms + (37,)
+
+id_CryptoPro_pkixcmp_infos = id_CryptoPro_algorithms + (41,)
+
+id_CryptoPro_audit_service_types = id_CryptoPro_algorithms + (42,)
+
+id_CryptoPro_audit_record_types = id_CryptoPro_algorithms + (43,)
+
+id_CryptoPro_attributes = id_CryptoPro_algorithms + (44,)
+
+id_CryptoPro_name_service_types = id_CryptoPro_algorithms + (45,)
+
+id_GostR3410_2001DH = id_CryptoPro_algorithms + (98,)
+
+id_GostR3410_94DH = id_CryptoPro_algorithms + (99,)
+
+
+id_Gost28147_89_TestParamSet = id_CryptoPro_encrypts + (0,)
+
+id_Gost28147_89_CryptoPro_A_ParamSet = id_CryptoPro_encrypts + (1,)
+
+id_Gost28147_89_CryptoPro_B_ParamSet = id_CryptoPro_encrypts + (2,)
+
+id_Gost28147_89_CryptoPro_C_ParamSet = id_CryptoPro_encrypts + (3,)
+
+id_Gost28147_89_CryptoPro_D_ParamSet = id_CryptoPro_encrypts + (4,)
+
+id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet = id_CryptoPro_encrypts + (5,)
+
+id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet = id_CryptoPro_encrypts + (6,)
+
+id_Gost28147_89_CryptoPro_RIC_1_ParamSet = id_CryptoPro_encrypts + (7,)
+
+
+id_GostR3410_2001_TestParamSet = id_CryptoPro_ecc_signs + (0,)
+
+id_GostR3410_2001_CryptoPro_A_ParamSet = id_CryptoPro_ecc_signs + (1,)
+
+id_GostR3410_2001_CryptoPro_B_ParamSet = id_CryptoPro_ecc_signs + (2,)
+
+id_GostR3410_2001_CryptoPro_C_ParamSet = id_CryptoPro_ecc_signs + (3,)
+
+
+id_GostR3410_2001_CryptoPro_XchA_ParamSet = id_CryptoPro_ecc_exchanges + (0,)
+
+id_GostR3410_2001_CryptoPro_XchB_ParamSet = id_CryptoPro_ecc_exchanges + (1,)
+
+
+id_GostR3410_94_TestParamSet = id_CryptoPro_signs + (0,)
+
+id_GostR3410_94_CryptoPro_A_ParamSet = id_CryptoPro_signs + (2,)
+
+id_GostR3410_94_CryptoPro_B_ParamSet = id_CryptoPro_signs + (3,)
+
+id_GostR3410_94_CryptoPro_C_ParamSet = id_CryptoPro_signs + (4,)
+
+id_GostR3410_94_CryptoPro_D_ParamSet = id_CryptoPro_signs + (5,)
+
+
+id_GostR3410_94_CryptoPro_XchA_ParamSet = id_CryptoPro_exchanges + (1,)
+
+id_GostR3410_94_CryptoPro_XchB_ParamSet = id_CryptoPro_exchanges + (2,)
+
+id_GostR3410_94_CryptoPro_XchC_ParamSet = id_CryptoPro_exchanges + (3,)
+
+
+id_GostR3410_94_a = id_GostR3410_94 + (1,)
+
+id_GostR3410_94_aBis = id_GostR3410_94 + (2,)
+
+id_GostR3410_94_b = id_GostR3410_94 + (3,)
+
+id_GostR3410_94_bBis = id_GostR3410_94 + (4,)
+
+
+id_GostR3411_94_TestParamSet = id_CryptoPro_hashes + (0,)
+
+id_GostR3411_94_CryptoProParamSet = id_CryptoPro_hashes + (1,)
+
+
+
+
+class Gost28147_89_ParamSet(univ.ObjectIdentifier):
+    pass
+
+Gost28147_89_ParamSet.subtypeSpec = constraint.SingleValueConstraint(
+    id_Gost28147_89_TestParamSet,
+    id_Gost28147_89_CryptoPro_A_ParamSet,
+    id_Gost28147_89_CryptoPro_B_ParamSet,
+    id_Gost28147_89_CryptoPro_C_ParamSet,
+    id_Gost28147_89_CryptoPro_D_ParamSet,
+    id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,
+    id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,
+    id_Gost28147_89_CryptoPro_RIC_1_ParamSet
+)
+
+
+class Gost28147_89_BlobParameters(univ.Sequence):
+    pass
+
+Gost28147_89_BlobParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet())
+)
+
+
+class Gost28147_89_MAC(univ.OctetString):
+    pass
+
+Gost28147_89_MAC.subtypeSpec = constraint.ValueSizeConstraint(1, 4)
+
+
+class Gost28147_89_Key(univ.OctetString):
+    pass
+
+Gost28147_89_Key.subtypeSpec = constraint.ValueSizeConstraint(32, 32)
+
+
+class Gost28147_89_EncryptedKey(univ.Sequence):
+    pass
+
+Gost28147_89_EncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptedKey', Gost28147_89_Key()),
+    namedtype.OptionalNamedType('maskKey', Gost28147_89_Key().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('macKey', Gost28147_89_MAC())
+)
+
+
+class Gost28147_89_IV(univ.OctetString):
+    pass
+
+Gost28147_89_IV.subtypeSpec = constraint.ValueSizeConstraint(8, 8)
+
+
+class Gost28147_89_UZ(univ.OctetString):
+    pass
+
+Gost28147_89_UZ.subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+class Gost28147_89_ParamSetParameters(univ.Sequence):
+    pass
+
+Gost28147_89_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('eUZ', Gost28147_89_UZ()),
+    namedtype.NamedType('mode',
+        univ.Integer(namedValues=namedval.NamedValues(
+            ('gost28147-89-CNT', 0),
+            ('gost28147-89-CFB', 1),
+            ('cryptoPro-CBC', 2)
+    ))),
+    namedtype.NamedType('shiftBits',
+        univ.Integer(namedValues=namedval.NamedValues(
+            ('gost28147-89-block', 64)
+    ))),
+    namedtype.NamedType('keyMeshing', AlgorithmIdentifier())
+)
+
+
+class Gost28147_89_Parameters(univ.Sequence):
+    pass
+
+Gost28147_89_Parameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('iv', Gost28147_89_IV()),
+    namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet())
+)
+
+
+class GostR3410_2001_CertificateSignature(univ.BitString):
+    pass
+
+GostR3410_2001_CertificateSignature.subtypeSpec=constraint.ValueSizeConstraint(256, 512)
+
+
+class GostR3410_2001_ParamSetParameters(univ.Sequence):
+    pass
+
+GostR3410_2001_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('a', univ.Integer()),
+    namedtype.NamedType('b', univ.Integer()),
+    namedtype.NamedType('p', univ.Integer()),
+    namedtype.NamedType('q', univ.Integer()),
+    namedtype.NamedType('x', univ.Integer()),
+    namedtype.NamedType('y', univ.Integer())
+)
+
+
+class GostR3410_2001_PublicKey(univ.OctetString):
+    pass
+
+GostR3410_2001_PublicKey.subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+class GostR3410_2001_PublicKeyParameters(univ.Sequence):
+    pass
+
+GostR3410_2001_PublicKeyParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3410_2001_TestParamSet,
+            id_GostR3410_2001_CryptoPro_A_ParamSet,
+            id_GostR3410_2001_CryptoPro_B_ParamSet,
+            id_GostR3410_2001_CryptoPro_C_ParamSet,
+            id_GostR3410_2001_CryptoPro_XchA_ParamSet,
+            id_GostR3410_2001_CryptoPro_XchB_ParamSet
+    ))),
+    namedtype.NamedType('digestParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3411_94_TestParamSet,
+            id_GostR3411_94_CryptoProParamSet
+    ))),
+    namedtype.DefaultedNamedType('encryptionParamSet',
+        Gost28147_89_ParamSet().subtype(value=id_Gost28147_89_CryptoPro_A_ParamSet
+    ))
+)
+
+
+class GostR3410_94_CertificateSignature(univ.BitString):
+    pass
+
+GostR3410_94_CertificateSignature.subtypeSpec = constraint.ValueSizeConstraint(256, 512)
+
+
+class GostR3410_94_ParamSetParameters_t(univ.Integer):
+    pass
+
+GostR3410_94_ParamSetParameters_t.subtypeSpec = constraint.SingleValueConstraint(512, 1024)
+
+
+class GostR3410_94_ParamSetParameters(univ.Sequence):
+    pass
+
+GostR3410_94_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('t', GostR3410_94_ParamSetParameters_t()),
+    namedtype.NamedType('p', univ.Integer()),
+    namedtype.NamedType('q', univ.Integer()),
+    namedtype.NamedType('a', univ.Integer()),
+    namedtype.OptionalNamedType('validationAlgorithm', AlgorithmIdentifier())
+)
+
+
+class GostR3410_94_PublicKey(univ.OctetString):
+    pass
+
+GostR3410_94_PublicKey.subtypeSpec = constraint.ConstraintsUnion(
+    constraint.ValueSizeConstraint(64, 64),
+    constraint.ValueSizeConstraint(128, 128)
+)
+
+
+class GostR3410_94_PublicKeyParameters(univ.Sequence):
+    pass
+
+GostR3410_94_PublicKeyParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3410_94_TestParamSet,
+            id_GostR3410_94_CryptoPro_A_ParamSet,
+            id_GostR3410_94_CryptoPro_B_ParamSet,
+            id_GostR3410_94_CryptoPro_C_ParamSet,
+            id_GostR3410_94_CryptoPro_D_ParamSet,
+            id_GostR3410_94_CryptoPro_XchA_ParamSet,
+            id_GostR3410_94_CryptoPro_XchB_ParamSet,
+            id_GostR3410_94_CryptoPro_XchC_ParamSet
+    ))),
+    namedtype.NamedType('digestParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3411_94_TestParamSet,
+            id_GostR3411_94_CryptoProParamSet
+    ))),
+    namedtype.DefaultedNamedType('encryptionParamSet',
+        Gost28147_89_ParamSet().subtype(value=id_Gost28147_89_CryptoPro_A_ParamSet
+    ))
+)
+
+
+class GostR3410_94_ValidationBisParameters_c(univ.Integer):
+    pass
+
+GostR3410_94_ValidationBisParameters_c.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295)
+
+
+class GostR3410_94_ValidationBisParameters(univ.Sequence):
+    pass
+
+GostR3410_94_ValidationBisParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x0', GostR3410_94_ValidationBisParameters_c()),
+    namedtype.NamedType('c', GostR3410_94_ValidationBisParameters_c()),
+    namedtype.OptionalNamedType('d', univ.Integer())
+)
+
+
+class GostR3410_94_ValidationParameters_c(univ.Integer):
+    pass
+
+GostR3410_94_ValidationParameters_c.subtypeSpec = constraint.ValueRangeConstraint(0, 65535)
+
+
+class GostR3410_94_ValidationParameters(univ.Sequence):
+    pass
+
+GostR3410_94_ValidationParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x0', GostR3410_94_ValidationParameters_c()),
+    namedtype.NamedType('c', GostR3410_94_ValidationParameters_c()),
+    namedtype.OptionalNamedType('d', univ.Integer())
+)
+
+
+class GostR3411_94_Digest(univ.OctetString):
+    pass
+
+GostR3411_94_Digest.subtypeSpec = constraint.ValueSizeConstraint(32, 32)
+
+
+class GostR3411_94_DigestParameters(univ.ObjectIdentifier):
+    pass
+
+GostR3411_94_DigestParameters.subtypeSpec = constraint.ConstraintsUnion(
+     constraint.SingleValueConstraint(id_GostR3411_94_TestParamSet),
+     constraint.SingleValueConstraint(id_GostR3411_94_CryptoProParamSet),
+)
+
+
+class GostR3411_94_ParamSetParameters(univ.Sequence):
+    pass
+
+GostR3411_94_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hUZ', Gost28147_89_UZ()),
+    namedtype.NamedType('h0', GostR3411_94_Digest())
+)
+
+
+# Update the Algorithm Identifier map in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+    id_Gost28147_89: Gost28147_89_Parameters(),
+    id_Gost28147_89_TestParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_A_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_B_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_C_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_D_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_KeyMeshing: univ.Null(""),
+    id_Gost28147_89_None_KeyMeshing: univ.Null(""),
+    id_GostR3410_94: GostR3410_94_PublicKeyParameters(),
+    id_GostR3410_94_TestParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_A_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_B_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_C_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_D_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_XchA_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_XchB_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_XchC_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_a: GostR3410_94_ValidationParameters(),
+    id_GostR3410_94_aBis: GostR3410_94_ValidationBisParameters(),
+    id_GostR3410_94_b: GostR3410_94_ValidationParameters(),
+    id_GostR3410_94_bBis: GostR3410_94_ValidationBisParameters(),
+    id_GostR3410_2001: univ.Null(""),
+    id_GostR3411_94: univ.Null(""),
+    id_GostR3411_94_TestParamSet: GostR3411_94_ParamSetParameters(),
+    id_GostR3411_94_CryptoProParamSet: GostR3411_94_ParamSetParameters(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
diff --git a/pyasn1_modules/rfc4490.py b/pyasn1_modules/rfc4490.py
new file mode 100644
index 0000000..b8fe321
--- /dev/null
+++ b/pyasn1_modules/rfc4490.py
@@ -0,0 +1,113 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and
+#   GOST R 34.10-2001 Algorithms with the CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4490.txt
+#
+
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc4357
+from pyasn1_modules import rfc5280
+
+
+# Imports from RFC 4357
+
+id_CryptoPro_algorithms = rfc4357.id_CryptoPro_algorithms
+
+id_GostR3410_94 = rfc4357.id_GostR3410_94
+
+id_GostR3410_2001 = rfc4357.id_GostR3410_2001
+
+Gost28147_89_ParamSet = rfc4357.Gost28147_89_ParamSet
+
+Gost28147_89_EncryptedKey = rfc4357.Gost28147_89_EncryptedKey
+
+GostR3410_94_PublicKeyParameters = rfc4357.GostR3410_94_PublicKeyParameters
+
+GostR3410_2001_PublicKeyParameters = rfc4357.GostR3410_2001_PublicKeyParameters
+
+
+# Imports from RFC 5280
+
+SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
+
+
+# CMS/PKCS#7 key agreement algorithms & parameters
+
+class Gost28147_89_KeyWrapParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()),
+        namedtype.OptionalNamedType('ukm', univ.OctetString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
+    )
+
+
+id_Gost28147_89_CryptoPro_KeyWrap = id_CryptoPro_algorithms + (13, 1, )
+
+
+id_Gost28147_89_None_KeyWrap = id_CryptoPro_algorithms + (13, 0, )
+
+
+id_GostR3410_2001_CryptoPro_ESDH = id_CryptoPro_algorithms + (96, )
+
+
+id_GostR3410_94_CryptoPro_ESDH = id_CryptoPro_algorithms + (97, )
+
+
+# CMS/PKCS#7 key transport algorithms & parameters
+
+id_GostR3410_2001_KeyTransportSMIMECapability = id_GostR3410_2001
+
+
+id_GostR3410_94_KeyTransportSMIMECapability = id_GostR3410_94
+
+
+class GostR3410_TransportParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()),
+        namedtype.OptionalNamedType('ephemeralPublicKey', 
+            SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('ukm', univ.OctetString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
+    )
+
+class GostR3410_KeyTransport(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sessionEncryptedKey', Gost28147_89_EncryptedKey()),
+        namedtype.OptionalNamedType('transportParameters',
+            GostR3410_TransportParameters().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+# GOST R 34.10-94 signature algorithm & parameters
+
+class GostR3410_94_Signature(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+# GOST R 34.10-2001 signature algorithms and parameters
+
+class GostR3410_2001_Signature(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+# Update the Algorithm Identifier map in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+    id_Gost28147_89_CryptoPro_KeyWrap: Gost28147_89_KeyWrapParameters(),
+    id_Gost28147_89_None_KeyWrap: Gost28147_89_KeyWrapParameters(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
diff --git a/pyasn1_modules/rfc4491.py b/pyasn1_modules/rfc4491.py
new file mode 100644
index 0000000..60b5560
--- /dev/null
+++ b/pyasn1_modules/rfc4491.py
@@ -0,0 +1,44 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
+#   Algorithms with Certificates and CRLs
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4491.txt
+#
+
+from pyasn1_modules import rfc4357
+
+
+# Signature Algorithm GOST R 34.10-94
+
+id_GostR3411_94_with_GostR3410_94 = rfc4357.id_GostR3411_94_with_GostR3410_94
+
+
+# Signature Algorithm GOST R 34.10-2001
+
+id_GostR3411_94_with_GostR3410_2001 = rfc4357.id_GostR3411_94_with_GostR3410_2001
+
+
+# GOST R 34.10-94 Keys
+
+id_GostR3410_94 = rfc4357.id_GostR3410_94
+
+GostR3410_2001_PublicKey = rfc4357.GostR3410_2001_PublicKey
+
+GostR3410_2001_PublicKeyParameters = rfc4357.GostR3410_2001_PublicKeyParameters
+
+
+# GOST R 34.10-2001 Keys
+
+id_GostR3410_2001 = rfc4357.id_GostR3410_2001
+
+GostR3410_94_PublicKey = rfc4357.GostR3410_94_PublicKey
+
+GostR3410_94_PublicKeyParameters = rfc4357.GostR3410_94_PublicKeyParameters
diff --git a/tests/__main__.py b/tests/__main__.py
index ff12d97..1188a57 100644
--- a/tests/__main__.py
+++ b/tests/__main__.py
@@ -47,7 +47,10 @@ suite = unittest.TestLoader().loadTestsFromNames(
      'tests.test_rfc4210.suite',
      'tests.test_rfc4211.suite',
      'tests.test_rfc4334.suite',
+     'tests.test_rfc4357.suite',
      'tests.test_rfc4387.suite',
+     'tests.test_rfc4490.suite',
+     'tests.test_rfc4491.suite',
      'tests.test_rfc4985.suite',
      'tests.test_rfc5035.suite',
      'tests.test_rfc5083.suite',
diff --git a/tests/test_rfc4357.py b/tests/test_rfc4357.py
new file mode 100644
index 0000000..cf10d59
--- /dev/null
+++ b/tests/test_rfc4357.py
@@ -0,0 +1,248 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+import sys
+import unittest
+
+from pyasn1.type import univ
+
+from pyasn1.codec.der.decoder import decode as der_decoder
+from pyasn1.codec.der.encoder import encode as der_encoder
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc4357
+
+
+class SignedTestCase(unittest.TestCase):
+    signed_pem_text = """\
+MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
+9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
+c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
+BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
+AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
+P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
+xlHbjbL0jHF+7XKp
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5652.ContentInfo()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.signed_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
+        
+        sd, rest = der_decoder(
+            asn1Object['content'], asn1Spec=rfc5652.SignedData())
+        self.assertFalse(rest)
+        self.assertTrue(sd.prettyPrint())
+        self.assertEqual(asn1Object['content'], der_encoder(sd))
+
+        encoded_null = der_encoder(univ.Null(""))
+
+        si = sd['signerInfos'][0]
+        self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm'])
+        self.assertEqual(encoded_null, si['digestAlgorithm']['parameters'])
+
+        self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm'])
+        self.assertEqual(encoded_null, si['signatureAlgorithm']['parameters'])
+        self.assertEqual(64, len(si['signature']))
+
+    def testOpenTypes(self):
+        substrate = pem.readBase64fromText(self.signed_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
+
+        si = asn1Object['content']['signerInfos'][0]
+        self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm'])
+        self.assertEqual(univ.Null(""), si['digestAlgorithm']['parameters'])
+
+        self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm'])
+        self.assertEqual(univ.Null(""), si['signatureAlgorithm']['parameters'])
+
+        self.assertEqual(64, len(si['signature']))
+
+class KeyAgreeTestCase(unittest.TestCase):
+    keyagree_pem_text = """\
+MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD
+AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm
+mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI
+L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB
+gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD
+cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt
+MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN
+8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq
+hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ==
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5652.ContentInfo()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.keyagree_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
+
+        ed, rest = der_decoder(
+            asn1Object['content'], asn1Spec=rfc5652.EnvelopedData())
+        self.assertFalse(rest)
+        self.assertTrue(ed.prettyPrint())
+        self.assertEqual(asn1Object['content'], der_encoder(ed))
+
+        ri = ed['recipientInfos'][0]
+        alg1 = ri['kari']['originator']['originatorKey']['algorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1, rest = der_decoder(
+            alg1['parameters'],
+            asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters())
+        self.assertFalse(rest)
+        self.assertTrue(param1.prettyPrint())
+        self.assertEqual(alg1['parameters'], der_encoder(param1))
+
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        self.assertEqual(8, len(ri['kari']['ukm']))
+    
+        alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'], )
+        param2, rest = der_decoder(
+            alg2['parameters'],
+            asn1Spec=rfc4357.Gost28147_89_Parameters())
+        self.assertFalse(rest)
+        self.assertTrue(param1.prettyPrint())
+        self.assertEqual(alg2['parameters'], der_encoder(param2))
+        
+        self.assertEqual(8, len(param2['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
+
+    def testOpenTypes(self):
+        openTypeMap = {
+            rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(),
+            rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(),
+        }
+
+        substrate = pem.readBase64fromText(self.keyagree_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec,
+            openTypes=openTypeMap, decodeOpenTypes=True)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
+
+        ri = asn1Object['content']['recipientInfos'][0]
+        alg1 = ri['kari']['originator']['originatorKey']['algorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1 = alg1['parameters']
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        self.assertEqual(8, len(ri['kari']['ukm']))
+    
+        alg2 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'])
+        param2 = alg2['parameters']
+        self.assertEqual(8, len(param2['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
+
+
+class KeyTransportTestCase(unittest.TestCase):
+    keytrans_pem_text = """\
+MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD
+VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x
+CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt
+cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH
+KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5
+dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC
+HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd
+Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd
+BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw==
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5652.ContentInfo()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.keytrans_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
+
+        ed, rest = der_decoder(
+            asn1Object['content'], asn1Spec=rfc5652.EnvelopedData())
+        self.assertFalse(rest)
+        self.assertTrue(ed.prettyPrint())
+        self.assertEqual(asn1Object['content'], der_encoder(ed))
+
+        ri = ed['recipientInfos'][0]
+        alg1 = ri['ktri']['keyEncryptionAlgorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1, rest = der_decoder(
+            alg1['parameters'], asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters())
+        self.assertFalse(rest)
+        self.assertTrue(param1.prettyPrint())
+        self.assertEqual(alg1['parameters'], der_encoder(param1))
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'])
+        param2, rest = der_decoder(
+            alg2['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters())
+        self.assertFalse(rest)
+        self.assertTrue(param2.prettyPrint())
+        self.assertEqual(alg2['parameters'], der_encoder(param2))
+        self.assertEqual(8, len(param2['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
+
+    def testOpenTypes(self):
+        openTypeMap = {
+            rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(),
+            rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(),
+        }
+
+        substrate = pem.readBase64fromText(self.keytrans_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec,
+            openTypes=openTypeMap, decodeOpenTypes=True)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+
+        ri = asn1Object['content']['recipientInfos'][0]
+        alg1 = ri['ktri']['keyEncryptionAlgorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1 = alg1['parameters']
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        alg2 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'])
+        param2 = alg2['parameters']
+        self.assertEqual(8, len(param2['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+    result = unittest.TextTestRunner(verbosity=2).run(suite)
+    sys.exit(not result.wasSuccessful())
diff --git a/tests/test_rfc4490.py b/tests/test_rfc4490.py
new file mode 100644
index 0000000..5c3b8cf
--- /dev/null
+++ b/tests/test_rfc4490.py
@@ -0,0 +1,274 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+import sys
+import unittest
+
+from pyasn1.type import univ
+
+from pyasn1.codec.der.decoder import decode as der_decoder
+from pyasn1.codec.der.encoder import encode as der_encoder
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc4357
+from pyasn1_modules import rfc4490
+
+
+class SignedTestCase(unittest.TestCase):
+    signed_pem_text = """\
+MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
+9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
+c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
+BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
+AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
+P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
+xlHbjbL0jHF+7XKp
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5652.ContentInfo()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.signed_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
+        
+        sd, rest = der_decoder(
+            asn1Object['content'], asn1Spec=rfc5652.SignedData())
+        self.assertFalse(rest)
+        self.assertTrue(sd.prettyPrint())
+        self.assertEqual(asn1Object['content'], der_encoder(sd))
+
+        encoded_null = der_encoder(univ.Null(""))
+
+        si = sd['signerInfos'][0]
+        self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm'])
+        self.assertEqual(encoded_null, si['digestAlgorithm']['parameters'])
+
+        self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm'])
+        self.assertEqual(encoded_null, si['signatureAlgorithm']['parameters'])
+
+        sig = rfc4490.GostR3410_2001_Signature()
+        sig = si['signature']
+        self.assertEqual(64, len(sig))
+
+    def testOpenTypes(self):
+        substrate = pem.readBase64fromText(self.signed_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_signedData, asn1Object['contentType'])
+
+        si = asn1Object['content']['signerInfos'][0]
+        self.assertEqual(rfc4357.id_GostR3411_94, si['digestAlgorithm']['algorithm'])
+        self.assertEqual(univ.Null(""), si['digestAlgorithm']['parameters'])
+
+        self.assertEqual(rfc4357.id_GostR3410_2001, si['signatureAlgorithm']['algorithm'])
+        self.assertEqual(univ.Null(""), si['signatureAlgorithm']['parameters'])
+
+        sig = rfc4490.GostR3410_2001_Signature()
+        sig = si['signature']
+        self.assertEqual(64, len(sig))
+
+class KeyAgreeTestCase(unittest.TestCase):
+    keyagree_pem_text = """\
+MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD
+AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm
+mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI
+L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB
+gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD
+cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt
+MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN
+8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq
+hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ==
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5652.ContentInfo()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.keyagree_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
+
+        ed, rest = der_decoder(
+            asn1Object['content'], asn1Spec=rfc5652.EnvelopedData())
+        self.assertFalse(rest)
+        self.assertTrue(ed.prettyPrint())
+        self.assertEqual(asn1Object['content'], der_encoder(ed))
+
+        ri = ed['recipientInfos'][0]
+        alg1 = ri['kari']['originator']['originatorKey']['algorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1, rest = der_decoder(
+            alg1['parameters'],
+            asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters())
+        self.assertFalse(rest)
+        self.assertTrue(param1.prettyPrint())
+        self.assertEqual(alg1['parameters'], der_encoder(param1))
+
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        self.assertEqual(8, len(ri['kari']['ukm']))
+    
+        alg2 = ri['kari']['keyEncryptionAlgorithm']
+        self.assertEqual(rfc4490.id_GostR3410_2001_CryptoPro_ESDH, alg2['algorithm'])
+        param2, rest = der_decoder(
+            alg2['parameters'], asn1Spec=rfc4357.AlgorithmIdentifier())
+        self.assertFalse(rest)
+        self.assertTrue(param2.prettyPrint())
+        self.assertEqual(alg2['parameters'], der_encoder(param2))
+
+        self.assertEqual(rfc4490.id_Gost28147_89_None_KeyWrap, param2['algorithm'])
+        kwa_p, rest = der_decoder(
+            param2['parameters'], asn1Spec=rfc4490.Gost28147_89_KeyWrapParameters())
+        self.assertFalse(rest)
+        self.assertTrue(kwa_p.prettyPrint())
+        self.assertEqual(param2['parameters'], der_encoder(kwa_p))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, kwa_p['encryptionParamSet'])
+
+        alg3 = ed['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg3['algorithm'])
+        param3, rest = der_decoder(alg3['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters())
+        self.assertFalse(rest)
+        self.assertTrue(param3.prettyPrint())
+        self.assertEqual(alg3['parameters'], der_encoder(param3))
+        self.assertEqual(8, len(param3['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param3['encryptionParamSet'])
+
+    def testOpenTypes(self):
+        openTypeMap = {
+            rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(),
+            rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(),
+            rfc4490.id_GostR3410_2001_CryptoPro_ESDH: rfc5280.AlgorithmIdentifier(),
+        }
+
+        substrate = pem.readBase64fromText(self.keyagree_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec,
+            openTypes=openTypeMap, decodeOpenTypes=True)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
+
+        ri = asn1Object['content']['recipientInfos'][0]
+        alg1 = ri['kari']['originator']['originatorKey']['algorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1 = alg1['parameters']
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        self.assertEqual(8, len(ri['kari']['ukm']))
+
+        alg2 = ri['kari']['keyEncryptionAlgorithm']
+        self.assertEqual(rfc4490.id_GostR3410_2001_CryptoPro_ESDH, alg2['algorithm'])
+        param2 = alg2['parameters']
+        self.assertEqual(rfc4490.id_Gost28147_89_None_KeyWrap, param2['algorithm'])
+        kwa_p = param2['parameters']
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, kwa_p['encryptionParamSet'])
+    
+        alg3 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg3['algorithm'])
+        param3 = alg3['parameters']
+        self.assertEqual(8, len(param3['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param3['encryptionParamSet'])
+
+class KeyTransportTestCase(unittest.TestCase):
+    keytrans_pem_text = """\
+MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD
+VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x
+CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt
+cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH
+KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5
+dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC
+HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd
+Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd
+BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw==
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5652.ContentInfo()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.keytrans_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType'])
+
+        ed, rest = der_decoder(
+            asn1Object['content'], asn1Spec=rfc5652.EnvelopedData())
+        self.assertFalse(rest)
+        self.assertTrue(ed.prettyPrint())
+        self.assertEqual(asn1Object['content'], der_encoder(ed))
+
+        ri = ed['recipientInfos'][0]
+        alg1 = ri['ktri']['keyEncryptionAlgorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1, rest = der_decoder(
+            alg1['parameters'], asn1Spec=rfc4357.GostR3410_2001_PublicKeyParameters())
+        self.assertFalse(rest)
+        self.assertTrue(param1.prettyPrint())
+        self.assertEqual(alg1['parameters'], der_encoder(param1))
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        alg2 = ed['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'])
+        param2, rest = der_decoder(
+            alg2['parameters'], asn1Spec=rfc4357.Gost28147_89_Parameters())
+        self.assertFalse(rest)
+        self.assertTrue(param2.prettyPrint())
+        self.assertEqual(alg2['parameters'], der_encoder(param2))
+        self.assertEqual(8, len(param2['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
+
+    def testOpenTypes(self):
+        openTypeMap = {
+            rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(),
+            rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(),
+        }
+
+        substrate = pem.readBase64fromText(self.keytrans_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec,
+            openTypes=openTypeMap, decodeOpenTypes=True)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+
+        ri = asn1Object['content']['recipientInfos'][0]
+        alg1 = ri['ktri']['keyEncryptionAlgorithm']
+        self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm'])
+        param1 = alg1['parameters']
+        self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet'])
+
+        alg2 = asn1Object['content']['encryptedContentInfo']['contentEncryptionAlgorithm']        
+        self.assertEqual(rfc4357.id_Gost28147_89, alg2['algorithm'])
+        param2 = alg2['parameters']
+        self.assertEqual(8, len(param2['iv']))
+        self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param2['encryptionParamSet'])
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+    result = unittest.TextTestRunner(verbosity=2).run(suite)
+    sys.exit(not result.wasSuccessful())
diff --git a/tests/test_rfc4491.py b/tests/test_rfc4491.py
new file mode 100644
index 0000000..24b94a9
--- /dev/null
+++ b/tests/test_rfc4491.py
@@ -0,0 +1,156 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+import sys
+import unittest
+
+from pyasn1.codec.der.decoder import decode as der_decoder
+from pyasn1.codec.der.encoder import encode as der_encoder
+
+from pyasn1_modules import pem
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc4491
+from pyasn1_modules import rfc4357
+
+
+class GostR341094CertificateTestCase(unittest.TestCase):
+    gostR3410_94_cert_pem_text = """\
+MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM
+FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV
+BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w
+HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0
+UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS
+VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG
+BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo
+GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo
+v2Y5MlyUi8Go/htjEvYJJYfMdRv05YmKCYJo01x3pg+2kBATjeM+fJyR1qwNCCw+
+eMG1wra3Gqgqi0WBkzIydvp7MAgGBiqFAwICBANBABHHCH4S3ALxAiMpR3aPRyqB
+g1DjB8zy5DEjiULIc+HeIveF81W9lOxGkZxnrFjXBSqnjLeFKgF1hffXOAP7zUM=
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5280.Certificate()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+        
+        sa1 = asn1Object['signatureAlgorithm']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1)
+
+        sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2)
+
+        spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm'])
+
+        pk_p, rest = der_decoder(
+            spki_a['parameters'],
+            asn1Spec=rfc4491.GostR3410_94_PublicKeyParameters())
+
+        self.assertFalse(rest)
+        self.assertTrue(pk_p.prettyPrint())
+        self.assertEqual(spki_a['parameters'], der_encoder(pk_p))
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, pk_p['digestParamSet'])
+
+    def testOpenTypes(self):
+        openTypesMap = {
+            rfc4491.id_GostR3410_94: rfc4491.GostR3410_94_PublicKeyParameters(),
+        }
+
+        substrate = pem.readBase64fromText(self.gostR3410_94_cert_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec,
+            openTypes=openTypesMap, decodeOpenTypes=True)
+
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+
+        sa1 = asn1Object['signatureAlgorithm']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa1)
+
+        sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_94, sa2)
+
+        spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3410_94, spki_a['algorithm'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet'])
+
+class GostR34102001CertificateTestCase(unittest.TestCase):
+    gostR3410_2001_cert_pem_text = """\
+MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM
+Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG
+A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu
+Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW
+R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD
+VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j
+b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1
+CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df
+D2a8yuoaYDAIBgYqhQMCAgMDQQA8L8kJRLcnqeyn1en7U23Sw6pkfEQu3u0xFkVP
+vFQ/3cHeF26NG+xxtZPz3TaTVXdoiYkXYiD02rEx1bUcM97i
+"""
+
+    def setUp(self):
+        self.asn1Spec = rfc5280.Certificate()
+
+    def testDerCodec(self):
+        substrate = pem.readBase64fromText(self.gostR3410_2001_cert_pem_text)
+        asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec)
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+
+        sa1 = asn1Object['signatureAlgorithm']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa1)
+
+        sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa2)
+
+        spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3410_2001, spki_a['algorithm'])
+
+        pk_p, rest = der_decoder(
+            spki_a['parameters'], asn1Spec=rfc4491.GostR3410_2001_PublicKeyParameters())
+
+        self.assertFalse(rest)
+        self.assertTrue(pk_p.prettyPrint())
+        self.assertEqual(spki_a['parameters'], der_encoder(pk_p))
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, pk_p['digestParamSet'])
+
+    def testOpenTypes(self):
+        openTypeMap = {
+            rfc4491.id_GostR3410_2001: rfc4491.GostR3410_2001_PublicKeyParameters(),
+        }
+
+        substrate = pem.readBase64fromText(self.gostR3410_2001_cert_pem_text)
+        asn1Object, rest = der_decoder(
+            substrate, asn1Spec=self.asn1Spec,
+            openTypes=openTypeMap, decodeOpenTypes=True)
+
+        self.assertFalse(rest)
+        self.assertTrue(asn1Object.prettyPrint())
+        self.assertEqual(substrate, der_encoder(asn1Object))
+
+        sa1 = asn1Object['signatureAlgorithm']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa1)
+
+        sa2 = asn1Object['tbsCertificate']['signature']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3411_94_with_GostR3410_2001, sa2)
+
+        spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo']['algorithm']
+        self.assertEqual(rfc4491.id_GostR3410_2001, spki_a['algorithm'])
+        self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, spki_a['parameters']['digestParamSet'])
+
+
+suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+if __name__ == '__main__':
+    result = unittest.TextTestRunner(verbosity=2).run(suite)
+    sys.exit(not result.wasSuccessful())
author	Russ Housley <housley@vigilsec.com>	2019-12-09 16:21:35 -0500
committer	Ilya Etingof <etingof@gmail.com>	2019-12-09 22:21:35 +0100
commit	82639c183bb56d6acb2390a54b60c0a94ce92a2c (patch)
tree	ee504e95b1d60b05691a4c32fe3c4746e5d09ace
parent	85e354140c6ffa5892f38eec34918fdcc4b4c977 (diff)
download	pyasn1-modules-82639c183bb56d6acb2390a54b60c0a94ce92a2c.tar.gz