Beispiel #1
 def __init__(self, **kargs):
     """Declare the two-member SEQUENCE holding an ECDSA public key.

     Members, in encoding order: ``signatureAlgorithm`` (an
     X509_AlgorithmIdentifier packet) and ``subjectPublicKey`` (an
     ECDSAPublicKey packet). Keyword arguments are forwarded to
     ASN1F_SEQUENCE unchanged.
     """
     algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                    X509_AlgorithmIdentifier(),
                                    X509_AlgorithmIdentifier)
     key_field = ASN1F_PACKET("subjectPublicKey",
                              ECDSAPublicKey(),
                              ECDSAPublicKey)
     ASN1F_SEQUENCE.__init__(self, algorithm_field, key_field, **kargs)
Beispiel #2
class NEGOEX_EXCHANGE_NTLM_ITEM(ASN1_Packet):
    """BER model of one item: an OID ``oid`` followed by a printable-string ``token``.

    The two fields sit in a SEQUENCE tagged explicitly with 0x31, which is
    wrapped in a SEQUENCE tagged explicitly with 0x80, inside the root SEQUENCE.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Both fields default to the empty string.
        ASN1F_SEQUENCE(ASN1F_SEQUENCE(ASN1F_OID("oid", ""),
                                      ASN1F_PRINTABLE_STRING("token", ""),
                                      explicit_tag=0x31),
                       explicit_tag=0x80))
Beispiel #3
class SPNEGO_negTokenResp(ASN1_Packet):
    """BER model of a SPNEGO negTokenResp: four optional, context-tagged fields.

    Every member is optional, so a decoded instance may carry none of them;
    code consuming a parsed token should check each field before relying on it.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_SEQUENCE(
            # [0] negotiation state; the default value 0 maps to "accept-completed".
            ASN1F_optional(
                ASN1F_ENUMERATED("negResult",
                                 0, {
                                     0: "accept-completed",
                                     1: "accept-incomplete",
                                     2: "reject",
                                     3: "request-mic"
                                 },
                                 explicit_tag=0xa0), ),
            # [1] selected mechanism.
            ASN1F_optional(
                ASN1F_PACKET("supportedMech",
                             SPNEGO_MechType(),
                             SPNEGO_MechType,
                             explicit_tag=0xa1), ),
            # [2] mechanism token; no default.
            ASN1F_optional(
                ASN1F_PACKET("responseToken",
                             None,
                             SPNEGO_Token,
                             explicit_tag=0xa2)),
            # [3] MIC over the mechanism list; no default.
            # NOTE(review): this is the only member using implicit_tag rather than
            # explicit_tag; presumably SPNEGO_MechListMIC supplies the inner
            # encoding itself. Confirm against its definition.
            ASN1F_optional(
                ASN1F_PACKET("mechListMIC",
                             None,
                             SPNEGO_MechListMIC,
                             implicit_tag=0xa3))))
Beispiel #4
 def __init__(self, **kargs):
     """Declare a SEQUENCE of an algorithm identifier and a raw key BIT STRING.

     ``subjectPublicKey`` is kept as an undecoded BIT STRING with no default
     value. Keyword arguments are forwarded to ASN1F_SEQUENCE unchanged.
     """
     members = (
         ASN1F_PACKET("signatureAlgorithm",
                      X509_AlgorithmIdentifier(),
                      X509_AlgorithmIdentifier),
         ASN1F_BIT_STRING("subjectPublicKey", None),
     )
     ASN1F_SEQUENCE.__init__(self, *members, **kargs)
Beispiel #5
 def __init__(self, **kargs):
     """Declare the CRL SEQUENCE: tbsCertList, signatureAlgorithm, signatureValue.

     Keyword arguments are forwarded to ASN1F_SEQUENCE unchanged.
     """
     tbs_field = ASN1F_PACKET("tbsCertList",
                              X509_TBSCertList(),
                              X509_TBSCertList)
     algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                    X509_AlgorithmIdentifier(),
                                    X509_AlgorithmIdentifier)
     # The default is a constant 32-character string, not a signature computed
     # over tbsCertList; a CRL built without an explicit value carries it as is.
     signature_field = ASN1F_BIT_STRING("signatureValue",
                                        "defaultsignature" * 2)
     ASN1F_SEQUENCE.__init__(self, tbs_field, algorithm_field,
                             signature_field, **kargs)
Beispiel #6
 def __init__(self, **kargs):
     """Declare an Extension SEQUENCE preset for basicConstraints.

     ``extnID`` defaults to 2.5.29.19 (id-ce-basicConstraints), ``critical``
     is optional and defaults to False, and ``extnValue`` is an
     X509_ExtBasicConstraints packet under explicit tag 0x04 (OCTET STRING).
     Keyword arguments are forwarded to ASN1F_SEQUENCE unchanged.
     """
     extension_id = ASN1F_OID("extnID", "2.5.29.19")
     # Optional: an encoding without this BOOLEAN still decodes.
     critical_flag = ASN1F_optional(ASN1F_BOOLEAN("critical", False))
     extension_value = ASN1F_PACKET("extnValue",
                                    X509_ExtBasicConstraints(),
                                    X509_ExtBasicConstraints,
                                    explicit_tag=0x04)
     ASN1F_SEQUENCE.__init__(self, extension_id, critical_flag,
                             extension_value, **kargs)
Beispiel #7
 def __init__(self, **kargs):
     """Declare the CRL SEQUENCE whose signature is a structured ECDSA value.

     ``signatureValue`` is a BIT STRING that encapsulates an ECDSASignature
     packet rather than opaque bits. Keyword arguments are forwarded to
     ASN1F_SEQUENCE unchanged.
     """
     tbs_field = ASN1F_PACKET("tbsCertList",
                              X509_TBSCertList(),
                              X509_TBSCertList)
     algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                    X509_AlgorithmIdentifier(),
                                    X509_AlgorithmIdentifier)
     signature_field = ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                               ECDSASignature(),
                                               ECDSASignature)
     ASN1F_SEQUENCE.__init__(self, tbs_field, algorithm_field,
                             signature_field, **kargs)
Beispiel #8
 def __init__(self, **kargs):
     """Build the field list of a basicConstraints Extension SEQUENCE.

     Fields, in encoding order: ``extnID`` (default 2.5.29.19), an optional
     ``critical`` BOOLEAN (default False), and ``extnValue`` holding an
     X509_ExtBasicConstraints packet under explicit tag 0x04. Keyword
     arguments go to ASN1F_SEQUENCE unchanged.
     """
     fields = (
         ASN1F_OID("extnID", "2.5.29.19"),
         ASN1F_optional(ASN1F_BOOLEAN("critical", False)),
         # 0x04 is the universal OCTET STRING tag wrapping the extension body.
         ASN1F_PACKET("extnValue",
                      X509_ExtBasicConstraints(),
                      X509_ExtBasicConstraints,
                      explicit_tag=0x04),
     )
     ASN1F_SEQUENCE.__init__(self, *fields, **kargs)
Beispiel #9
class NEGOEX_EXCHANGE_NTLM(ASN1_Packet):
    """
    GSSAPI NegoEX Exchange metadata blob
    This was reversed and may be meaningless
    """
    # The layout was recovered by observation (see the docstring), so decoded
    # values should be treated as best-effort rather than authoritative.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # "items" is a SEQUENCE OF NEGOEX_EXCHANGE_NTLM_ITEM, empty by default,
        # inside a SEQUENCE tagged implicitly with 0xa0.
        ASN1F_SEQUENCE(ASN1F_SEQUENCE_OF("items", [],
                                         NEGOEX_EXCHANGE_NTLM_ITEM),
                       implicit_tag=0xa0), )
Beispiel #10
 def __init__(self, **kargs):
     """Set up the three CRL members and hand them to ASN1F_SEQUENCE.

     Members, in encoding order: ``tbsCertList``, ``signatureAlgorithm`` and
     ``signatureValue``. Keyword arguments are forwarded unchanged.
     """
     members = (
         ASN1F_PACKET("tbsCertList", X509_TBSCertList(), X509_TBSCertList),
         ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
                      X509_AlgorithmIdentifier),
         # Placeholder default: a fixed string repeated twice, not a signature
         # derived from tbsCertList.
         ASN1F_BIT_STRING("signatureValue", "defaultsignature" * 2),
     )
     ASN1F_SEQUENCE.__init__(self, *members, **kargs)
Beispiel #11
 def __init__(self, **kargs):
     """Declare the OCSP basic response SEQUENCE.

     Members, in encoding order: ``tbsResponseData``, ``signatureAlgorithm``,
     ``signature`` and an optional ``certs`` list of X509_Cert under explicit
     tag 0xa0. Keyword arguments are forwarded to ASN1F_SEQUENCE unchanged.
     """
     response_data = ASN1F_PACKET("tbsResponseData",
                                  OCSP_ResponseData(),
                                  OCSP_ResponseData)
     algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                    X509_AlgorithmIdentifier(),
                                    X509_AlgorithmIdentifier)
     # Constant placeholder default, not a signature over tbsResponseData.
     signature_field = ASN1F_BIT_STRING("signature", "defaultsignature" * 2)
     # Optional: a response may omit the certificate list entirely.
     cert_list = ASN1F_optional(
         ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0))
     ASN1F_SEQUENCE.__init__(self, response_data, algorithm_field,
                             signature_field, cert_list, **kargs)
Beispiel #12
 def __init__(self, **kargs):
     """Set up the CRL members for the ECDSA-signed layout.

     Same order as the plain CRL sequence, but ``signatureValue`` is a
     BIT STRING encapsulating an ECDSASignature packet. Keyword arguments are
     forwarded to ASN1F_SEQUENCE unchanged.
     """
     members = (
         ASN1F_PACKET("tbsCertList", X509_TBSCertList(), X509_TBSCertList),
         ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
                      X509_AlgorithmIdentifier),
         ASN1F_BIT_STRING_ENCAPS("signatureValue", ECDSASignature(),
                                 ECDSASignature),
     )
     ASN1F_SEQUENCE.__init__(self, *members, **kargs)
Beispiel #13
 def __init__(self, **kargs):
     """Build the field list of an OCSP basic response SEQUENCE.

     Fields, in encoding order: ``tbsResponseData``, ``signatureAlgorithm``,
     ``signature`` (placeholder default) and the optional ``certs`` list.
     Keyword arguments go to ASN1F_SEQUENCE unchanged.
     """
     fields = (
         ASN1F_PACKET("tbsResponseData", OCSP_ResponseData(),
                      OCSP_ResponseData),
         ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
                      X509_AlgorithmIdentifier),
         # The default value is a fixed string, not a computed signature.
         ASN1F_BIT_STRING("signature", "defaultsignature" * 2),
         ASN1F_optional(
             ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0)),
     )
     ASN1F_SEQUENCE.__init__(self, *fields, **kargs)
Beispiel #14
class CLDAP(ASN1_Packet):
    """BER model that reuses two LDAP fields and inserts an optional ``user`` DN.

    The first and third members are the very field objects stored in
    ``LDAP.ASN1_root.seq``, not copies, so the two models share them.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        LDAP.ASN1_root.seq[0],  # messageID
        # Optional DN, empty string by default.
        ASN1F_optional(LDAPDN("user", ""), ),
        LDAP.ASN1_root.seq[1]  # protocolOp
    )
Beispiel #15
class LDAP_Control(ASN1_Packet):
    """BER model of an LDAP control: a type OID plus two optional members."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        LDAPOID("controlType", ""),
        # Optional; the declared default is False.
        ASN1F_optional(ASN1F_BOOLEAN("criticality", False), ),
        # Optional opaque string; this model does not interpret its content.
        ASN1F_optional(ASN1F_STRING("controlValue", "")),
    )
Beispiel #16
class X509_ExtNoticeReference(ASN1_Packet):
    """BER model of a notice reference: an organization name and notice numbers."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # "organization" may be any of four string types; the default is a
        # UTF8String placeholder.
        ASN1F_CHOICE("organization", ASN1_UTF8_STRING("Dummy Organization"),
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING, ASN1F_BMP_STRING,
                     ASN1F_UTF8_STRING),
        # SEQUENCE OF ASN1P_INTEGER, empty by default.
        ASN1F_SEQUENCE_OF("noticeNumbers", [], ASN1P_INTEGER))
Beispiel #17
class X509_Attribute(ASN1_Packet):
    """BER model of an attribute: a type OID and a SET OF attribute values."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Default type 2.5.4.6 is the countryName attribute OID.
        ASN1F_OID("type", "2.5.4.6"),
        # Defaults to a set containing one default X509_AttributeValue.
        ASN1F_SET_OF("values",
                     [X509_AttributeValue()],
                     X509_AttributeValue))
Beispiel #18
class X509_ExtPolicyInformation(ASN1_Packet):
    """BER model of one policy entry: an identifier and optional qualifiers."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Default 2.5.29.32.0 is the anyPolicy OID.
        ASN1F_OID("policyIdentifier", "2.5.29.32.0"),
        # Optional list of X509_ExtPolicyQualifierInfo; no default.
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("policyQualifiers", None,
                              X509_ExtPolicyQualifierInfo)))
Beispiel #19
class X509_RevokedCertificate(ASN1_Packet):
    """BER model of one CRL entry: serial number, revocation date, extensions."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("serialNumber", 1),
        # The default string is computed once, when this class body executes.
        # NOTE(review): +86400 presumably means one day after that moment;
        # confirm against ZuluTime.
        ASN1F_UTC_TIME("revocationDate", str(ZuluTime(+86400))),
        # Optional list of X509_Extension; no default.
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("crlEntryExtensions", None, X509_Extension)))
Beispiel #20
class X509_Validity(ASN1_Packet):
    """BER model of a validity period: ``not_before`` and ``not_after``.

    Each bound is a CHOICE between UTCTime and GeneralizedTime. The defaults
    are strings computed once, when this class body executes, so they do not
    move with the time at which a packet is later built.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # NOTE(review): the offsets -600 and +86400 look like seconds relative
        # to the current time; confirm against ZuluTime.
        ASN1F_CHOICE("not_before", ASN1_UTC_TIME(str(ZuluTime(-600))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME),
        ASN1F_CHOICE("not_after", ASN1_UTC_TIME(str(ZuluTime(+86400))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME))
Beispiel #21
class PKCS12_PBE1_Parameters(ASN1_Packet):
    """PKCS12 PBE1 Parameters"""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # The values below are only the defaults of this model (empty salt,
        # 2048 iterations); a decoded instance carries whatever the input held.
        # Code that builds new parameters should set both fields explicitly.
        ASN1F_STRING("salt", ""),
        ASN1F_INTEGER("iterations", 2048),
    )
Beispiel #22
class X509_AlgorithmIdentifier(ASN1_Packet):
    """BER model of an algorithm identifier: an OID and optional parameters."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Default 1.2.840.113549.1.1.11 is sha256WithRSAEncryption.
        ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"),
        # Optional; either an ASN.1 NULL (the default) or ECParameters.
        ASN1F_optional(
            ASN1F_CHOICE("parameters", ASN1_NULL(0), ASN1F_NULL,
                         ECParameters)))
Beispiel #23
class X509_ExtPolicyConstraints(ASN1_Packet):
    """BER model of policy constraints: two optional, implicitly tagged integers.

    Both members are optional with no default, so a decoded instance may be an
    empty SEQUENCE.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_INTEGER("requireExplicitPolicy", None, implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_INTEGER("inhibitPolicyMapping", None, implicit_tag=0x81)))
Beispiel #24
class X509_ExtGeneralSubtree(ASN1_Packet):
    """BER model of a general subtree: a base name plus optional min/max bounds."""
    # 'minimum' is not optional in RFC 5280, yet it is in some implementations.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("base", X509_GeneralName(), X509_GeneralName),
        # Both bounds are optional here and have no default, so either may be
        # absent from a decoded instance.
        ASN1F_optional(ASN1F_INTEGER("minimum", None, implicit_tag=0x80)),
        ASN1F_optional(ASN1F_INTEGER("maximum", None, implicit_tag=0x81)))
Beispiel #25
class ECCurve(ASN1_Packet):
    """BER model of a curve: string members ``a`` and ``b`` and an optional seed."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Both coefficients are carried as strings and default to empty.
        ASN1F_STRING("a", ""),
        ASN1F_STRING("b", ""),
        # Optional BIT STRING; no default.
        ASN1F_optional(
            ASN1F_BIT_STRING("seed", None)))
Beispiel #26
class X509_EDIPartyName(ASN1_Packet):
    """BER model of an EDI party name: optional assigner and mandatory party name."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Optional, explicit tag 0xa0; no default.
        ASN1F_optional(
            ASN1F_X509_DirectoryString("nameAssigner", None,
                                       explicit_tag=0xa0)),
        # Not wrapped in ASN1F_optional; explicit tag 0xa1; no default.
        ASN1F_X509_DirectoryString("partyName", None, explicit_tag=0xa1))
Beispiel #27
class OCSP_CertID(ASN1_Packet):
    """BER model of an OCSP certificate identifier.

    Members, in encoding order: ``hashAlgorithm``, ``issuerNameHash``,
    ``issuerKeyHash`` and ``serialNumber``.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("hashAlgorithm", X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        # Both hashes are plain strings that default to empty; this model does
        # not check their length against the declared hash algorithm.
        ASN1F_STRING("issuerNameHash", ""), ASN1F_STRING("issuerKeyHash", ""),
        ASN1F_INTEGER("serialNumber", 0))
Beispiel #28
class ASN1P_PRIVSEQ(ASN1_Packet):
    """BER test model: a two-member SEQUENCE with explicit tag 0 and a flexible tag."""
    # This class gets used in x509.uts
    # It showcases the private high-tag decoding capacities of scapy.
    ASN1_codec = ASN1_Codecs.BER
    # NOTE(review): the member named "int" is declared as ASN1F_STRING with a
    # default of 0; confirm that this pairing is intended.
    ASN1_root = ASN1F_SEQUENCE(ASN1F_IA5_STRING("str", ""),
                               ASN1F_STRING("int", 0),
                               explicit_tag=0,
                               flexible_tag=True)
Beispiel #29
class X509_OtherName(ASN1_Packet):
    """BER model of an otherName: a type OID and an explicitly tagged string value."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type_id", "0"),
        # The value is limited to these four string types, under explicit tag
        # 0xa0, with no default.
        ASN1F_CHOICE("value", None,
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING,
                     explicit_tag=0xa0))
Beispiel #30
class X509_ExtBasicConstraints(ASN1_Packet):
    """BER model of basicConstraints: optional ``cA`` flag and optional path length."""
    # The cA field should not be optional, but some certs omit it for False.
    # NOTE(review): RFC 5280 declares cA as BOOLEAN DEFAULT FALSE, so DER
    # encoders leave it out when it is false; an absent cA decodes here to the
    # declared default False, i.e. "not a CA".
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_BOOLEAN("cA", False)),
        # No default: absence means no path length was encoded.
        ASN1F_optional(
            ASN1F_INTEGER("pathLenConstraint", None)))
Beispiel #31
class OCSP_RevokedInfo(ASN1_Packet):
    """BER model of OCSP revocation info: a time and an optional reason."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # GeneralizedTime; the default is the empty string.
        ASN1F_GENERALIZED_TIME("revocationTime", ""),
        # Optional X509_ExtReasonCode under explicit tag 0x80; no default.
        ASN1F_optional(
            ASN1F_PACKET("revocationReason", None,
                         X509_ExtReasonCode,
                         explicit_tag=0x80)))
Beispiel #32
class ECSpecifiedDomain(ASN1_Packet):
    """BER model of explicitly specified EC domain parameters.

    Members, in encoding order: ``version``, ``fieldID``, ``curve``, ``base``,
    ``order`` and an optional ``cofactor``.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # Only value 1 has a name in the enumeration map.
        ASN1F_enum_INTEGER("version", 1, {1: "ecpVer1"}),
        ASN1F_PACKET("fieldID", ECFieldID(), ECFieldID),
        # The defaults for base ("") and order (0) are placeholders of this
        # model, not usable curve parameters.
        ASN1F_PACKET("curve", ECCurve(), ECCurve), ASN1F_STRING("base", ""),
        ASN1F_INTEGER("order", 0),
        ASN1F_optional(ASN1F_INTEGER("cofactor", None)))
Beispiel #33
class SAPPSE_Obj_PKRoot(ASN1_Packet):
    """SAP PSEv2 PKRoot Object definition"""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # CA name as an X509_DirectoryName packet.
        ASN1F_PACKET("ca", X509_DirectoryName(), X509_DirectoryName),
        # Two SAPPSE_Root_Key members; only old_key carries a tag (explicit 0xa0).
        ASN1F_PACKET("new_key", SAPPSE_Root_Key(), SAPPSE_Root_Key),
        ASN1F_PACKET("old_key", SAPPSE_Root_Key(), SAPPSE_Root_Key, explicit_tag=0xa0),
    )
Beispiel #34
 def m2i(self, pkt, x):
     """Decode ``x`` as a certificate, switching layout on the signature algorithm.

     The generic SEQUENCE decode runs first and fills ``pkt.fields``; the name
     of the decoded ``signatureAlgorithm`` OID then selects the result. The
     OID comes from the input being parsed, so with untrusted certificates it
     is attacker-chosen: any name containing "rsa" keeps the generic result,
     any name containing "ecdsa" triggers a second decode of ``x`` with the
     ECDSA layout, and every other algorithm raises a plain ``Exception``
     that callers have to catch.
     """
     decoded, remainder = ASN1F_SEQUENCE.m2i(self, pkt, x)
     algo_name = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
     if "rsa" in algo_name:
         return decoded, remainder
     if "ecdsa" in algo_name:
         return ASN1F_X509_CertECDSA().m2i(pkt, x)
     raise Exception("could not parse certificate")
Beispiel #35
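 def m2i(self, pkt, x):
     """Decode ``x`` as a CRL, switching layout on the signature algorithm.

     The generic SEQUENCE decode runs first and fills ``pkt.fields``; the name
     of the decoded ``signatureAlgorithm`` OID then selects the result. That
     OID is taken from the input, so for untrusted CRLs it is attacker-chosen.

     Returns:
         The generic decode result when the OID name contains "rsa", or the
         result of decoding ``x`` again with ASN1F_X509_CRLECDSA when it
         contains "ecdsa".

     Raises:
         Exception: for any other signature algorithm.
     """
     c, s = ASN1F_SEQUENCE.m2i(self, pkt, x)
     # Lower-case once; both checks are substring matches on the OID name.
     sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
     if "rsa" in sigtype:
         return c, s
     if "ecdsa" in sigtype:
         return ASN1F_X509_CRLECDSA().m2i(pkt, x)
     # The message names the CRL: this path decodes a CRL, and a message
     # mentioning a certificate would mislead whoever triages the failure.
     raise Exception("could not parse CRL")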
Beispiel #36
 def m2i(self, pkt, x):
     """Decode ``x`` as a subjectPublicKeyInfo using the key-type-specific layout.

     The generic SEQUENCE decode is run only to fill ``pkt.fields``; its
     return value is discarded. The name of the decoded ``signatureAlgorithm``
     OID, which comes from the input, then selects the RSA or the ECDSA
     layout for a second decode of ``x``. Any other key type raises a plain
     ``Exception`` that callers have to catch.
     """
     _decoded, _remainder = ASN1F_SEQUENCE.m2i(self, pkt, x)
     key_name = pkt.fields["signatureAlgorithm"].algorithm.oidname
     # RSA is matched by case-insensitive substring, EC by the exact OID name.
     if "rsa" in key_name.lower():
         return ASN1F_X509_SubjectPublicKeyInfoRSA().m2i(pkt, x)
     if key_name == "ecPublicKey":
         return ASN1F_X509_SubjectPublicKeyInfoECDSA().m2i(pkt, x)
     raise Exception("could not parse subjectPublicKeyInfo")
Beispiel #37
 def m2i(self, pkt, x):
     """Decode ``x`` as an OCSP basic response, switching on the signature algorithm.

     After the generic SEQUENCE decode has filled ``pkt.fields``, the name of
     the decoded ``signatureAlgorithm`` OID (taken from the input) picks the
     result: a name containing "rsa" keeps the generic decode, a name
     containing "ecdsa" decodes ``x`` again with the ECDSA layout, and
     anything else raises a plain ``Exception``.
     """
     decoded, remainder = ASN1F_SEQUENCE.m2i(self, pkt, x)
     algo_name = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
     if "rsa" in algo_name:
         return decoded, remainder
     if "ecdsa" in algo_name:
         return ASN1F_OCSP_BasicResponseECDSA().m2i(pkt, x)
     raise Exception("could not parse OCSP basic response")
Beispiel #38
 def m2i(self, pkt, x):
     """Pick the RSA or ECDSA subjectPublicKeyInfo layout and decode ``x`` with it.

     The first, generic decode only populates ``pkt.fields``; what it returns
     is not used. Dispatch is driven by the ``signatureAlgorithm`` OID name
     read from the parsed input, and unsupported key types surface as a plain
     ``Exception``.
     """
     _unused_value, _unused_rest = ASN1F_SEQUENCE.m2i(self, pkt, x)
     oid_name = pkt.fields["signatureAlgorithm"].algorithm.oidname
     is_rsa = "rsa" in oid_name.lower()
     if is_rsa:
         return ASN1F_X509_SubjectPublicKeyInfoRSA().m2i(pkt, x)
     # The EC check is an exact, case-sensitive comparison.
     if oid_name == "ecPublicKey":
         return ASN1F_X509_SubjectPublicKeyInfoECDSA().m2i(pkt, x)
     raise Exception("could not parse subjectPublicKeyInfo")
Beispiel #39
 def build(self, pkt):
     """Encode ``pkt`` as an OCSP basic response for its signature algorithm.

     The algorithm name is read from ``pkt.fields`` when the field was set
     explicitly and from ``pkt.default_fields`` otherwise. A name containing
     "rsa" uses the generic SEQUENCE encoder; a name containing "ecdsa"
     delegates to the ECDSA layout; anything else raises a plain ``Exception``.
     """
     if "signatureAlgorithm" in pkt.fields:
         holder = pkt.fields
     else:
         holder = pkt.default_fields
     algo_name = holder["signatureAlgorithm"].algorithm.oidname.lower()
     if "rsa" in algo_name:
         return ASN1F_SEQUENCE.build(self, pkt)
     if "ecdsa" in algo_name:
         # Side effect: this overwrites an entry in the packet's defaults
         # before delegating, so the packet is modified by building it.
         # NOTE(review): the key written is "signatureValue"; confirm that it
         # matches the field name ASN1F_OCSP_BasicResponseECDSA declares.
         pkt.default_fields["signatureValue"] = ECDSASignature()
         return ASN1F_OCSP_BasicResponseECDSA().build(pkt)
     raise Exception("could not build OCSP basic response")