def testDecode4(self):
# One very long integer
der = DerSequence()
der.decode(b('0\x82\x01\x05')+
b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
self.assertEquals(len(der),1)
self.assertEquals(der[0],2L**2048)
def testDecode6(self):
# Two integers
der = DerSequence()
der.decode(b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff'))
self.assertEquals(len(der),2)
self.assertEquals(der[0],0x180L)
self.assertEquals(der[1],0xFFL)
def testDecode4(self):
# One very long integer
der = DerSequence()
der.decode(
b('0\x82\x01\x05') +
b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +
b('\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
self.assertEquals(len(der), 1)
self.assertEquals(der[0], 2**2048)
def rsa_public_from_der_certificate(certificate):
# Extract subject_public_key_info field from X.509 certificate (see RFC3280)
try:
# try to extract pubkey from scapy.layers.x509 X509Cert type in case
# der_certificate is of type X509Cert
# Note: der_certificate may not be of type X509Cert if it wasn't
# received completely, in that case, we'll try to extract it anyway
# using the old method.
# TODO: get rid of the old method and always expect X509Cert obj ?
return RSA.importKey(str(certificate.tbsCertificate.subjectPublicKeyInfo))
except AttributeError:
pass
# Fallback method, may pot. allow to extract pubkey from incomplete der streams
cert = DerSequence()
cert.decode(certificate)
tbs_certificate = DerSequence()
tbs_certificate.decode(cert[0]) # first DER SEQUENCE
# search for pubkey OID: rsaEncryption: "1.2.840.113549.1.1.1"
# hex: 06 09 2A 86 48 86 F7 0D 01 01 01
subject_public_key_info = None
for seq in tbs_certificate:
if not isinstance(seq, basestring):
continue # skip numerics and non sequence stuff
if "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" in seq:
subject_public_key_info = seq
if subject_public_key_info is None:
raise ValueError("could not find OID rsaEncryption 1.2.840.113549.1.1.1 in certificate")
# Initialize RSA key
return RSA.importKey(subject_public_key_info)
def testDecode6(self):
# Two integers
der = DerSequence()
der.decode(b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff'))
self.assertEquals(len(der), 2)
self.assertEquals(der[0], 0x180)
self.assertEquals(der[1], 0xFF)
def testDecode7(self):
# One integer and 2 other types
der = DerSequence()
der.decode(b('0\x0A\x02\x02\x01\x80\x24\x02\xb6\x63\x12\x00'))
self.assertEquals(len(der), 3)
self.assertEquals(der[0], 0x180)
self.assertEquals(der[1], b('\x24\x02\xb6\x63'))
self.assertEquals(der[2], b('\x12\x00'))
def testDecode7(self):
# One integer and 2 other types
der = DerSequence()
der.decode(b('0\x0A\x02\x02\x01\x80\x24\x02\xb6\x63\x12\x00'))
self.assertEquals(len(der),3)
self.assertEquals(der[0],0x180L)
self.assertEquals(der[1],b('\x24\x02\xb6\x63'))
self.assertEquals(der[2],b('\x12\x00'))
def der2rsa(der):
# Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280)
cert = DerSequence()
cert.decode(der)
tbs_certificate = DerSequence()
tbs_certificate.decode(cert[0])
subject_public_key_info = tbs_certificate[6]
# Initialize RSA key
return RSA.importKey(subject_public_key_info)
def der2rsa(der):
# Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280)
cert = DerSequence()
cert.decode(der)
tbs_certificate = DerSequence()
tbs_certificate.decode(cert[0])
subject_public_key_info = tbs_certificate[6]
# Initialize RSA key
return RSA.importKey(subject_public_key_info)
def testDecode8(self):
# Only 2 other types
der = DerSequence()
der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00'))
self.assertEquals(len(der),2)
self.assertEquals(der[0],b('\x24\x02\xb6\x63'))
self.assertEquals(der[1],b('\x12\x00'))
self.assertEquals(der.hasInts(), 0)
self.assertEquals(der.hasInts(False), 0)
self.failIf(der.hasOnlyInts())
self.failIf(der.hasOnlyInts(False))
def testDecode8(self):
# Only 2 other types
der = DerSequence()
der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00'))
self.assertEquals(len(der), 2)
self.assertEquals(der[0], b('\x24\x02\xb6\x63'))
self.assertEquals(der[1], b('\x12\x00'))
self.assertEquals(der.hasInts(), 0)
self.assertEquals(der.hasInts(False), 0)
self.failIf(der.hasOnlyInts())
self.failIf(der.hasOnlyInts(False))
def rsa_public_from_der_certificate(certificate):
# Extract subject_public_key_info field from X.509 certificate (see RFC3280)
try:
# try to extract pubkey from scapy.layers.x509 X509Cert type in case
# der_certificate is of type X509Cert
# Note: der_certificate may not be of type X509Cert if it wasn't
# received completely, in that case, we'll try to extract it anyway
# using the old method.
# TODO: get rid of the old method and always expect X509Cert obj ?
"""
Rebuild ASN1 SubjectPublicKeyInfo since X509Cert does not provide the full struct
ASN1F_SEQUENCE(
ASN1F_SEQUENCE(ASN1F_OID("pubkey_algo","1.2.840.113549.1.1.1"),
ASN1F_field("pk_value",ASN1_NULL(0))),
ASN1F_BIT_STRING("pubkey","")
),
"""
subject_public_key_info = ASN1_SEQUENCE([
ASN1_SEQUENCE([certificate.pubkey_algo, certificate.pk_value]),
certificate.pubkey
])
return RSA.importKey(str(subject_public_key_info))
except AttributeError:
pass
# Fallback method, may pot. allow to extract pubkey from incomplete der streams
cert = DerSequence()
cert.decode(certificate)
tbs_certificate = DerSequence()
tbs_certificate.decode(cert[0]) # first DER SEQUENCE
# search for pubkey OID: rsaEncryption: "1.2.840.113549.1.1.1"
# hex: 06 09 2A 86 48 86 F7 0D 01 01 01
subject_public_key_info = None
for seq in tbs_certificate:
if not isinstance(seq, basestring):
continue # skip numerics and non sequence stuff
if "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" in seq:
subject_public_key_info = seq
if subject_public_key_info is None:
raise ValueError(
"could not find OID rsaEncryption 1.2.840.113549.1.1.1 in certificate"
)
# Initialize RSA key
return RSA.importKey(subject_public_key_info)
def get_public_key_from_file(file_name):
with open(file_name) as f:
pem = f.read()
lines = pem.replace(" ", '').split()
der = a2b_base64(''.join(lines[1:-1]))
# Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280)
cert = DerSequence()
cert.decode(der)
tbsCertificate = DerSequence()
tbsCertificate.decode(cert[0])
subjectPublicKeyInfo = tbsCertificate[6]
# Initialize RSA key
publicKey = RSA.importKey(subjectPublicKeyInfo)
return publicKey.publickey()
def rsa_public_from_der_certificate(certificate):
# Extract subject_public_key_info field from X.509 certificate (see RFC3280)
try:
# try to extract pubkey from scapy.layers.x509 X509Cert type in case
# der_certificate is of type X509Cert
# Note: der_certificate may not be of type X509Cert if it wasn't
# received completely, in that case, we'll try to extract it anyway
# using the old method.
# TODO: get rid of the old method and always expect X509Cert obj ?
return RSA.importKey(
str(certificate.tbsCertificate.subjectPublicKeyInfo))
except AttributeError:
pass
# Fallback method, may pot. allow to extract pubkey from incomplete der streams
cert = DerSequence()
cert.decode(certificate)
tbs_certificate = DerSequence()
tbs_certificate.decode(cert[0]) # first DER SEQUENCE
# search for pubkey OID: rsaEncryption: "1.2.840.113549.1.1.1"
# hex: 06 09 2A 86 48 86 F7 0D 01 01 01
subject_public_key_info = None
for seq in tbs_certificate:
if not isinstance(seq, bytes) and not isinstance(seq, str):
continue # skip numerics and non sequence stuff
if b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" in seq:
subject_public_key_info = seq
if subject_public_key_info is None:
raise ValueError(
"could not find OID rsaEncryption 1.2.840.113549.1.1.1 in certificate"
)
# Initialize RSA key
return RSA.importKey(subject_public_key_info)
def public_key_import_from_x509_certificate_string(certificate_string):
if certificate_string.find('-----BEGIN CERTIFICATE-----') \
and not certificate_string.find('-----BEGIN CERTIFICATE-----\n') \
and not certificate_string.find('-----BEGIN CERTIFICATE-----\r\n'):
certificate_string = certificate_string.replace(
'-----BEGIN CERTIFICATE-----', '-----BEGIN CERTIFICATE-----\n')
if certificate_string.find('\n-----END CERTIFICATE-----') \
and not certificate_string.find('\n-----END CERTIFICATE-----') \
and not certificate_string.find('\r\n-----END CERTIFICATE-----'):
certificate_string = certificate_string.replace(
'-----END CERTIFICATE-----', '\n-----END CERTIFICATE-----')
lines = certificate_string.replace(" ", '').split()
der = a2b_base64(''.join(lines[1:-1]))
# Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280)
cert = DerSequence()
cert.decode(der)
tbs_certificate = DerSequence()
tbs_certificate.decode(cert[0])
subject_public_key_info = tbs_certificate[6]
# Initialize RSA key
public_key = RSA.importKey(subject_public_key_info)
return public_key.publickey()
def testDecode1(self):
# Empty sequence
der = DerSequence()
der.decode(b('0\x00'))
self.assertEquals(len(der),0)
# One single-byte integer (zero)
der.decode(b('0\x03\x02\x01\x00'))
self.assertEquals(len(der),1)
self.assertEquals(der[0],0)
# Invariant
der.decode(b('0\x03\x02\x01\x00'))
self.assertEquals(len(der),1)
self.assertEquals(der[0],0)
def testDecode1(self):
# Empty sequence
der = DerSequence()
der.decode(b('0\x00'))
self.assertEquals(len(der), 0)
# One single-byte integer (zero)
der.decode(b('0\x03\x02\x01\x00'))
self.assertEquals(len(der), 1)
self.assertEquals(der[0], 0)
# Invariant
der.decode(b('0\x03\x02\x01\x00'))
self.assertEquals(len(der), 1)
self.assertEquals(der[0], 0)
def testDecode9(self):
# Verify that decode returns itself
der = DerSequence()
self.assertEqual(der, der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00')))
def testDecode2(self):
# One single-byte integer (non-zero)
der = DerSequence()
der.decode(b('0\x03\x02\x01\x7f'))
self.assertEquals(len(der), 1)
self.assertEquals(der[0], 127)
def testDecode9(self):
# Verify that decode returns itself
der = DerSequence()
self.assertEqual(der, der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00')))
def testDecode2(self):
# One single-byte integer (non-zero)
der = DerSequence()
der.decode(b('0\x03\x02\x01\x7f'))
self.assertEquals(len(der),1)
self.assertEquals(der[0],127)
